Hackers expose the FSB's attempt to break Tor anonymity

Hackers broke into SyTech, an external contractor of the FSB (Russia's national intelligence service), and obtained information about its hacking projects. One of them was the de-anonymization of Tor network traffic.

The breach took place last weekend, on July 13, when a hacking group named 0v1ru$ broke into SyTech's Active Directory server and from there gained access to the company's entire network.

The hackers stole 7.5 TB of data, posted screenshots of some of it on Twitter and later shared the stolen data with Digital Revolution, another hacking group that last year broke into Quantum, another external contractor of the FSB.


The secret projects of FSB

According to Russian media, the documents show that SyTech has been working since 2009 on many projects for the FSB and its partner Quantum.

These projects are listed below:

  • Nautilus - a project for collecting data on users of social networks (such as Facebook, MySpace and LinkedIn).
  • Nautilus-S - a project to de-anonymize Tor network traffic with the help of malicious servers.
  • Reward - a project for covert penetration into P2P networks, such as those used by torrents.
  • Mentor - a project for monitoring and retrieving emails on the servers of Russian companies.
  • Hope - a project to map the topology of the Russian Internet and how it connects to other countries' networks.
  • Tax-3 - a project to create a closed intranet, separate from the rest of the state networks, for storing information on highly sensitive politicians, judges and local government officials.

BBC Russia, which received the leaked data, says that there were other, older programs for researching further network protocols such as Jabber (instant messaging), ED2K (eDonkey) and OpenFT (enterprise file transfer).

Other files posted on Digital Revolution's Twitter account claim that the FSB has been monitoring students and pensioners.

But while most of the projects appear to be research into modern technology, two of them appear to have been tested in the real world.

The first is Nautilus-S, the de-anonymization of Tor network traffic. BBC Russia says that work on Nautilus-S began in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper describing in detail the use of malicious nodes in the Tor network that attempted to decrypt traffic.

The researchers identified 25 malicious servers, 18 of which were located in Russia and were running the same Tor version described in the leaked files.


iGuRu.gr - The Best Technology Site in Greece

Written by giorgos