By Owen Matthews / February 12, 2014
The 2014 Sochi Olympics have become a giant testing ground for some of the most intensive, extensive and intrusive electronic surveillance operations ever mounted. There’s even evidence that criminal hackers are working alongside Russian spies to mine information.
“Sochi is a trial run,” says Keir Giles, a cyber security expert at the Royal Institute of Strategic Studies in London. A special section of the Russian security force FSB – the successor to the KGB – has spent years perfecting a total monitoring system around Sochi which automatically tracks mobile calls, email, social networks and all the links between them, adding in data from passenger lists, drones and roadside cameras.
It’s enormously sophisticated and of course expensive – but also, most notably perhaps, the first rollout of a new generation of absolute surveillance. If it works in Sochi, the FSB is expected to deploy its new toy across Russia – and other totalitarian, and supposedly not so totalitarian, countries might also be interested.
At the heart of the surveillance armory of the FSB is the ‘System of Operative-Investigative Measures’ or SORM. First invented in the 1980s to manage phone taps, the latest version – known as SORM-3 – is essentially a giant vacuum cleaner which scoops all electronic communication from all users all the time, including the contents of all emails, social networks, mobile and voice-over-internet calls, and stores it for future use.
“Russia’s ability to gather information via SORM is unparalleled,” says Alexander Klimburg, an adviser on cyber security to the European Union and the Organization for Security and Co-operation in Europe and a fellow at Harvard’s Kennedy School. “No country has ever developed this level of network control. Anything that is said or written on any communications network in Russia is essentially to be stored forever.”
SORM makes the United States’ National Security Agency’s PRISM system – details of which were leaked by contractor Edward Snowden, now living in Russia – look distinctly underpowered. PRISM is first and foremost “not an interception or intrusion but rather a data mining tool,” according to a forthcoming paper on cyber security published by London’s Chatham House, based on Snowden’s revelations.
PRISM analyzes so-called metadata – connections between users – to build a picture of suspicious patterns of behaviour. It can also record the data-use habits of specific individuals who are entered into the system as persons of interest. But it is first and foremost intended as a data-mining tool for use outside the United States – though it remains somewhat controversial because it can sweep up American communications and “minimization procedures” don’t always protect that “incidental collection.”
The FSB’s SORM-3, on the other hand, is designed specifically to search content as well as metadata. Cyber security experts speculate that SORM has the state-of-the-art ability to perform real-time ‘deep packet inspection’ – reading and listening to communications and setting off alarms when triggered by specific keywords.
But it is the other tricks up the FSB’s sleeve that have foreign security experts really worried. Independent journalist and security expert Jacob Appelbaum revealed at a hacker conference in Germany last year that smartphones can be infected by any 4G mobile internet network using technology first pioneered by the NSA. “An infected phone effectively becomes a portable listening device,” says Klimburg.
There’s been no direct evidence of the FSB targeting Sochi visitors’ phones. But according to one US security official not authorized to talk on the record, “the risk of infection through 4G networks is significant enough” to prompt an unusual US State Department warning last month.
Sochi visitors should “consider traveling with ‘clean’ electronic devices,” warned the State Department. “Do not check business or personal electronic devices with your luggage at the airport. … Do not connect to local ISPs at cafes, coffee shops, hotels, airports, or other local venues. … Change all your passwords before and after your trip. … Be sure to remove the battery from your smartphone when not in use.”
There has been hard evidence, though, that hacker groups associated with the FSB have stepped up their activities around Sochi – and that they are using malware technology usually associated with bank-password theft to spy on visitors. A report last week by cyber-threat intelligence firm Lookingglass Cyber Solutions warned that long-dormant servers associated with Russian Business Network – a notorious Russian cyber-crime giant specializing in identity theft – have recently lit up with traffic from around Sochi.
“We were able to hone in on several new top-level domains and saw that the individuals that registered those also had a larger footprint of registrations at the global level” linked to Russian cyber-crime organizations, Lookingglass CEO Chris Coleman told FedScoop, a website associated with US law enforcement. At the same time, Lookingglass’s analysts spotted a surge in cyber crime, for instance the Russian-designed Cutwail spam operation that uses social engineering to lure individuals to click on links and enter personal information.
The implications of an upsurge in cyber crime in the most heavily-policed cyber environment in history are disturbing. “It stinks,” says Klimburg. “There are strong indications of intelligence community involvement.” Links between the Russian Business Network (RBN) and the FSB go back to at least 2007, when a massive cyber attack against Estonia put the entire country offline for hours – and was widely interpreted as Russian revenge for the dismantling of a Soviet-era war memorial in Tallinn.
The global network of infected computers that bombarded Estonia – known as a botnet – was controlled in part from servers associated with RBN. Now it seems that the same hackers who set up RBN are back in business – apparently working both for themselves and the FSB.
“You have a lot of dignitaries staying in just a few hotels,” says Klimburg. “The same malware that can steal social security numbers and bank codes can also steal intranet passwords and other sensitive information.”
No one disputes Russia’s right to keep the Olympics safe and secure. Two suicide bombings in the nearby city of Volgograd killed 34 people in December (the suspected mastermind, Dzamaltin Mirzayev, was killed in a shoot-out in Dagestan on February 6) and Chechen separatist leader Doku Umarov has vowed to disrupt the “satanic” Games.
The FSB has also accepted some help from the West in the form of the Stand-off Detection of Explosives and Suicide Bombers system, known as STANDEX – essentially a long-range explosives sniffer system which can scan large crowds. “It’s one of the few successful co-operations between NATO and the Russians,” says Giles. “Otherwise Russian officials have been very reticent about sharing practical details of how they are securing the Games.”
But it’s indicative of the FSB’s basic priorities that it appointed not a terrorism expert but one of its top counter-intelligence chiefs, Oleg Syromolotov, to be in charge at Sochi: security will be overseen by someone who has spent his career chasing foreign spies rather than terrorists.
The FSB’s immediate goal is to secure the Olympics – and perfect its systems of total control of all electronic communications and total surveillance.
Even hotel showers aren’t safe, apparently. Deputy prime minister Dmitry Kozak batted away a reporter’s questions about sub-standard infrastructure at the Winter Olympics in Sochi last week with a boast. “We have surveillance video from the hotels that shows people turning on the shower, directing the nozzle at the wall and then leaving the room for the whole day,” said an indignant Kozak.
What else had the FSB observed in Sochi’s hotel bathrooms? Aides quickly whisked Kozak away before sniggering journalists got a chance to ask.
But the FSB’s bid to perfect ways to control all electronic communications is no laughing matter. The U.S. State Department has warned that visitors to Russia should have “no expectation of privacy,” and that all means of communication should be “assumed to be monitored.” Ironically, it is the FSB, Edward Snowden’s protector, that is coming closest to making Snowden’s dystopian nightmare of a total surveillance society a reality.