When the Ukrainian war broke out last year, Russia’s top digital spies turned to new tools to fight enemies on another front, those who opposed the war within its borders.
To help crack down on the country, Russian authorities have amassed technology to track their citizens’ online lives. After the invasion of Ukraine, the demand for additional surveillance tools increased. This has inspired a cottage industry of technology contractors to develop products that have become powerful and novel means of digital surveillance.
The technology has given the police and the Russian Federal Security Service (better known as the FSB) access to a range of snooping features focused on everyday use of phones and websites. According to documents from a Russian surveillance provider obtained by The New York Times, these tools can be used to track certain activities on encrypted apps like WhatsApp and Signal, monitor phone locations, and track anonymous social media users. It provides a method that allows you to specifically break into people’s accounts. It also includes security professionals, digital activists, and those involved in national digital surveillance activities.
President Vladimir V. Putin exercises political power as Russia faces military setback in Ukraine, severe economic sanctions and leadership challenges after Wagner militia commander Yevgeny V. Prigozhin’s post-insurrection are leaning more towards technology. In doing so, Russia, once lagging behind authoritarian regimes like China and Iran in using modern technology to exercise control, is rapidly catching up.
“People have become very paranoid because they are not sure if it is safe to communicate with anyone inside Russia. They monitor traffic very aggressively,” said Russia’s opposition politician and digital rights activist Alena Popova said. “Previously it was only for activists. Now we have expanded it to anyone who opposes the war.”
The effort has enriched the coffers of a group of relatively obscure Russian tech companies. Many are owned by the Citadel Group, a company partially controlled by former European Union target Alisher Usmanov. sanctions As one of Putin’s “favorite oligarchs.” Some companies are looking to expand overseas, increasing the risk that their technology will not remain in Russia.
With names such as MFI Soft, Vas Experts and Prorei, these companies typically start by building parts of Russia’s invasive wiretapping systems before developing more sophisticated tools for Russian intelligence services. .
According to the document, the easy-to-use software that connects directly to telecommunications infrastructure offers a swiss army knife of espionage potential. Documentation includes technical drawings, emails and screenshots. The Times obtained hundreds of files from individuals with access to internal records, about 40 of which detailed surveillance tools.
One of the programs outlined in the article can identify when people make voice calls or send files on encrypted chat apps such as Telegram, Signal and WhatsApp. . The software can’t intercept a particular message, but it can determine if someone is using multiple phones, map their relationship network by tracking their communications with others, and You can triangulate which phones were at a particular location. Another product can collect passwords entered into unencrypted websites.
These technologies are used by Russia to shape public opinion and suppress dissent, including propaganda attacks on state media, increased internet censorship, and a new effort to collect public data and encourage reporting of war-damaging social media posts. It complements the other efforts of
These are the beginnings of a ready-made toolkit for dictators who want to control what they say and do online. One document outlining the capabilities of various technology providers refers to a “eavesdropping market,” a supply chain of equipment and software that pushes the boundaries of digital mass surveillance.
Authorities are “essentially fostering a new set of Russian corporations that have emerged as a result of the state’s repressive interests,” said Adrian Shabaz, vice president of research and analysis at the pro-democracy advocacy group Freedom House. speaks. suppression. “Ripple effects will first be felt in the region and then potentially around the world.”
Beyond the “Eavesdropping Market”
Over the past two decades, Russian leaders have struggled to manage the Internet. To remedy that, they ordered the activation of a system to tap telephone calls and unencrypted text messages. It then required Internet service providers to keep records of all Internet traffic.
Formally known as the System of Operations Investigative Operations (SORM), this expanded program was an imperfect surveillance tool. Russian telecom providers often installed and updated their technology imperfectly, and their systems didn’t always work properly. The amount of data coming in can become overwhelming and unusable.
Initially, the technology was used against political opponents, including supporters of imprisoned opposition leader Alexei A. Navalny. Digital rights experts said the tool was in high demand after the invasion of Ukraine. Russian authorities turned to local tech companies that built outdated surveillance systems and asked for more.
The push has benefited companies like Citadel, according to the US State Department. Citadel bought many of Russia’s digital eavesdropping equipment makers and controlled about 60-80% of the communications surveillance technology market.announced by the United States Sanctions against the Citadel and its current owner Anton Cherepennikov. in February.
“Military and communications-related sectors are now heavily funded to adapt to new demands,” said Ksenia Hermosina, a senior researcher who studies Russian surveillance companies at the University of Toronto research institute Citizen Lab. There are.”
New technology has given Russia’s security services a closer look at the Internet. According to one graph, a tracking system from Citadel subsidiary MFIsoft is used to display information about telecommunications subscribers and a statistical breakdown of their internet traffic on a dedicated control panel used by her FSB officials in the region. Helpful.
Another MFI Soft tool, NetBeholder, maps the daily positions of two phones to identify if they bumped into each other at the same time, indicating possible encounters between people.
Another feature uses location tracking to see if multiple phones are frequently in the same area, inferring if someone might be using more than one phone. . NetBeholder’s system has full access to telecommunication network subscriber information, so it can also pinpoint each user’s Russian region and country of origin for foreigners.
Another company, Prorei, offers a product that provides voice-to-text transcription of intercepted calls and tools for identifying “suspicious activity,” according to a document.
Hermosina said Russia’s vast data collection and new tools make for a “killer combo”, adding that such capabilities are becoming more and more widespread across the country.
Citadel and Protey did not respond to requests for comment. A spokesperson for Usmanov said that Usmanov “has not been involved in any management decisions in recent years” involving the parent company called USM, which owned Citadel until 2022. A spokeswoman said Usmanov, who owns 49% of USM, sold Citadel for the following reasons: Surveillance technology was never in the company’s “scope of interest.”
VAS experts said the “complex geopolitical situation” and the number of threats inside Russia have increased the need for the tool. The company “develops communications products for use by FSB agents fighting terrorism, including tools for lawful interception,” it said, adding that if the technology “saves at least one life and the well-being of people, I There’s a reason we’re working on it,” he added. “
no way to mask
With the authorities cracking down, some citizens have turned to encrypted messaging apps for communication. But security services also found a way to track these conversations, according to files reviewed by The Times.
One of NetBeholder’s features utilizes a technique called deep packet inspection, which communication service providers use to analyze where their traffic is going. Much like mapping the flow of water in a creek, software can’t intercept the content of messages, but it can identify what data is flowing where.
This means you can pinpoint when someone sends you a file or connects to a voice call with encrypted apps like WhatsApp, Signal, Telegram and more. This gives the FSB access to important metadata. Metadata is general information about a communication, such as who is talking to whom, when, where, and whether the message has attachments.
To obtain such information in the past, governments had to request information from app makers like Meta, which owns WhatsApp. Those companies then decided whether to offer it.
This new tool has alarmed security professionals and creators of cryptographic services. Security experts said many knew such a product was theoretically possible, but didn’t know that it was now being manufactured by a Russian contractor.
Some of the encrypted app tools and other surveillance techniques are beginning to spread beyond Russia. Marketing documents show efforts to sell products in Eastern Europe, Central Asia, Africa, Middle East and South America. in January, citizen lab An Iranian telecommunications company reported using Prorei equipment to log internet usage and block websites. Ermosina said the system was also seen in the Russian-occupied territories of Ukraine.
For the creators of Signal, Telegram and WhatsApp, there are few defenses against such tracking. That’s because authorities have a bird’s-eye view of the network, collecting data from Internet service providers. Encryption can hide certain messages being shared, but it cannot block the recording of exchanges.
“Signal was not designed to hide the fact that you are using Signal from your Internet Service Provider,” Signal Foundation Chairman Meredith Whitaker said in a statement. She urged those concerned about such tracking to use the ability to send traffic through another server to obscure the origin and destination of the traffic.
In a statement, Telegram also said that while it doesn’t encrypt all messages by default, it can’t mask traffic sent to or from chat apps, making it difficult to identify and track Telegram’s traffic. He said it was possible for people to use functions that were created to do so. WhatsApp said in a statement that surveillance tools are a “imminent threat to people’s privacy around the world” and that they will continue to protect private conversations.
New tools could change best practices for those who want to disguise their online behavior. In Russia, the existence of digital exchanges between suspects and others could lead to deeper investigations and even arrests, according to people familiar with the process.
Freedom House researcher Shabazz said he expects Russian companies to eventually compete with the usual suppliers of surveillance tools.
“China is the pinnacle of digital authoritarianism,” he said. “But there is a concerted effort in Russia to overhaul internet regulation to bring it closer to China. Russia will emerge as a competitor for Chinese companies.”
