
Hackers expose Russian intelligence agency's secret internet projects in 'the largest data leak' the group has ever faced

Kat Tenbarge, Business Insider US
Jul 22, 2019, 11:04 AM
Russian President Vladimir Putin reacts during his talks with his Kyrgyz counterpart at the Kremlin in Moscow, Russia, July 11, 2019. The President of Kyrgyzstan is on a one-day visit to Russia. (Photo by Mikhail Svetlov/Getty Images)
  • In what BBC Russia says is possibly "the largest data leak in the history of the work of Russian special services on the Internet," hackers stole 7.5 terabytes of data from a major contractor of Russia's Federal Security Service.
  • On July 13, hackers targeted a Moscow information technology company, "Sitek," or SyTech, and defaced the company's homepage with a "Yoba Face," a fixture of Russian internet slang that denotes trolling.
  • The hackers relayed data to journalists that detailed several secret Russian internet projects, including Federal Security Service attempts to de-anonymise Tor browsing, scrape social media sites, and split the Russian internet off from the rest of the world.

Russia's principal security agency, the Federal Security Service (FSB), was targeted by hackers in what BBC Russia reports is possibly "the largest data leak in the history of the work of Russian special services on the Internet."

On July 13, hackers operating under the name "0v1ru$" breached a major information technology contractor of the FSB, the Moscow company "Sitek," or SyTech, and stole 7.5 terabytes of data. For reference, a terabyte can hold 200,000 5-minute songs, or 500 hours' worth of movies.

The hackers defaced the company's homepage with a "Yoba Face," a Russian meme that denotes trolling, along with pictures that showcased evidence of the breach. The 0v1ru$ hackers passed the data along to a larger, better-known hacking group, Digital Revolution, which has targeted the FSB before.

It is unclear whether 0v1ru$ is directly affiliated with Digital Revolution, but the latter passed the data along to media organisations and tweeted notable discoveries, suggesting that the FSB rename its activities "Project Collander" after the breach.

A purported screenshot of the Moscow information technology company "Sitek," or SyTech, homepage after it was breached by hackers identified as "0v1ru$." The image is a Russian meme associated with trolling, referred to as the "Yoba Face."

While the magnitude of the breach may be historic, the data unearthed projects with goals that were already known or suspected, Forbes reported. Nonetheless, the names, affiliates, and targets of the projects were kept secret prior to the hackers' breach.

The unearthed cyber projects included at least 20 non-public initiatives, and 0v1ru$ also released the names of the SyTech project managers associated with them. BBC Russia reports that none of the breached data contains Russian government secrets.

Projects referred to as "Nautilus" and "Nautilus-S" appear to be attempts to scrape social media sites for data extraction, and to identify Russian internet users who seek to access the internet anonymously via Tor browsers that withhold users' locations. Forbes reports that the "Nautilus-S" project is believed to have made progress since its initial launch in 2012, under the FSB's Kvant Research Institute.

Project "Mentor" appears to focus on data collection from Russian enterprises, while "Hope" and "Tax-3" appear to relate to Russia's ongoing initiative to separate its internal internet from the world wide web.

Russian President Vladimir Putin previously signed provisions for an initiative to ensure that the Russian internet could operate independently from the world wide web in the event that it was disconnected for any purpose, internal or otherwise.

BBC Russia reports that SyTech's projects were contracted under the signals intelligence division of the FSB, the same group that was accused of emailing spyware to Ukrainian intelligence officials in 2015.

Digital Revolution claims that it passed the breached data on to media organisations without editing or altering any of the information. The 0v1ru$ group is seemingly unknown, and has not released any further comment since the breach. The FSB has not commented on the matter.
