SORM (system of operational-search activities)

SORM-2.

SORM (System of Technical Means to Provide the Functions of Operational-Search Activities) - according to the law "On Communication" and Order of the Ministry of Communications No. 2339 of August 9, 2000, a complex of technical means and measures intended for conducting operational-search activities on telephone, mobile and wireless communication networks and personal radio paging networks.

A distinction should be made between "SORM-1" (a system for listening to telephone conversations, organized in 1996) and "SORM-2" (a system for communication sessions: both telephone conversations and Internet access, organized in 2000 (PTP, KTKS)).

All communication operators are required to install SORM equipment at their own expense (that is, ultimately at the expense of their customers); otherwise there will be problems with commissioning the communication node.

In accordance with Article 23 of the Constitution of the Russian Federation, restriction of the secrecy of communication is allowed only by court decision. At the same time, the law, in violation of the Constitution, mentions the possibility of using SORM before a court decision.

From Article 64, "On the responsibilities of telecom operators during operational-search activities and the implementation of investigative actions", of the Federal Law "On Communication":

1. Communication operators are required to provide authorized government agencies conducting operational-search activities with information about users of communication services, as well as other information necessary to fulfill the tasks assigned to these bodies.


Wikimedia Foundation. 2010.


We have briefly discussed SORM (the system of operational-search activities) and the possibility of using the standard functions of DPI systems to collect traffic statistics and to filter out data types that are of no interest to the UFSB of Russia (prefilter functionality).

Recall that the main task of SORM is to ensure the security of the state and its citizens, which is achieved by selective control of the monitored information. SORM is developed according to the orders of the State Committee and the Ministry of Communications and the resolutions of the Government of the Russian Federation, the meaning of which is to oblige communication operators to "provide authorized government agencies carrying out operational-search activities or ensuring the security of the Russian Federation with information about users of communication services and the communication services provided to them, as well as other information necessary to fulfill the tasks assigned to these authorities in cases established by federal laws."

Having mentioned the concepts of SORM-1, SORM-2 and SORM-3, we did not explain the significant differences between these versions. SORM-1, designed in the 80s, is needed for listening to telephone conversations and has no other function; the differences between SORM-3 and SORM-2, however, require explanation.

SORM-2 - Questions and Answers

What is SORM-2?

This is a system for tracking Russian Internet users. It is a device (server) that is connected to the equipment of the provider (telecom operator). The provider only connects it to its network and does not know the goals and methods of the listening; it is managed by the special services.

How are operational-search activities carried out on the Internet?

The special services begin monitoring a person and his traffic if he falls under suspicion of committing or planning illegal actions (theft, hacking, terrorism, extortion and other criminal and serious administrative offenses). The person under surveillance has no way of determining that it is happening, just as the provider does not know whom the special services are watching.

Since SORM equipment must be installed by every Russian telecom operator or provider, any user can be listened to. Control can be avoided only by not using the Internet.

How legal is such control?

All actions of the special services with respect to suspected citizens are regulated by federal laws and orders of the Ministry of the Russian Federation. The surveillance is legal.

What is it needed for?

To ensure the safety of citizens and the state. The Federal Security Service (FSB) monitors identified or potential threats, as well as subjects under suspicion. It is not interested in a citizen's personal life or in what he does on the Internet until he creates a threat.

Are citizens also monitored in other countries?

Yes, they are. There are similar systems in other countries: in Europe, Lawful Interception (LI), certified by ETSI; in the US, CALEA (Communications Assistance for Law Enforcement Act). The difference of our SORM lies in how the execution of its functions is controlled. In Russia, unlike Europe and the United States, FSB employees must have a valid court order, but they can connect to the SORM equipment without presenting the court order to the operator.

Who should install SORM-2?

According to the law, in order not to lose their license, all telecom operators and Internet providers working in Russia must install SORM-2. This applies both to large companies (Rostelecom, MTS, MegaFon, Beeline) and to small provincial providers.

How is it technically possible to monitor everyone?

There is no need to monitor everyone; only the group of persons of interest to the special services falls under control. If a command is received "from above", SORM-2 is used to begin surveillance of a particular user and the traffic he generates. This brings us to the innovations in legislation that we call SORM-3, which significantly expand the capabilities of the special services.

Is SORM the only form of control?

No! Every day every person is monitored: in the store (who bought what and how much), on the computer (which programs you use and what you do with them: voluntary statistics for developers), in the subway (where and how many times you traveled). All this allows various organizations to develop their services and make them more attractive to the consumer. SORM does it to ensure security, not for commercial purposes.

SORM-3 - What's new?

The main goal of SORM-3 is to obtain the most complete information about the user, not only in real time but also for a certain period (up to 3 years). Whereas SORM-1 and SORM-2 intercept information from the user, SORM-3 does not contain such information: it stores only statistics, accumulates them and creates a person's profile on the Internet. To accumulate such volumes of data, large storage systems will be used, as well as Deep Packet Inspection systems for filtering out unneeded information (films, music, games) that contains nothing useful for law enforcement.

SORM-3 performs an important function in ensuring the safety of citizens and the state, making it possible not to uncover the offenses of "random criminals" but to prevent the unlawful activity of those involved in large-scale organized offenses (terrorism, economic crimes, etc.).

Also, the amendments to the law clearly regulate the requirements for the communication channels from the telecom operator's network equipment to SORM-3. SORM-3 functionality should bind network packets to specific user identifiers by which traffic can be selected. Key identifiers include: logins to mail and messengers, phone numbers, email addresses, user location, IP address, URLs of visited resources, and others.

This makes it possible to obtain much more information about the user and his surroundings.

The old SORM-2 equipment will not be able to perform the new functions because it was developed for other purposes, which means it must be modernized or replaced (while the traffic tap in SORM-2 and SORM-3 should, in theory, be the same).

The main functions and properties of SORM-3:

  1. The requested information is collected and updated in real time.
  2. Access to the SORM-3 equipment and the collected information is possible at any time.
  3. According to the law, information is stored for up to 3 years.
  4. Only law enforcement officers who have the necessary rights have access to the stored information (using the relevant vendor's control panel).
  5. Information is collected according to the criteria defined in the request. The information collected may be visualized and prepared for further analysis.
  6. SORM-3 equipment does not make changes to the network of the operator (provider).
  7. Storage systems with scaling and backup support are used to store data.
  8. Working with the system is possible only through a specialized control panel from various manufacturers (multi-console solution).

SORM-3 implementation scheme in operator network

Name - Description of the system component
x.DR Adapter - The system component designed to collect data on completed events.
DBMS - Subscriber data storage. Implemented on the basis of a PostgreSQL server. Data access is provided both in the form of REST interfaces and in the form of batch interfaces for loading data.
Business logic server - The core of the SORM-3 system. Contains the logic for implementing search queries, user authorization mechanisms, auditing of access to data, etc. The system also orchestrates requests to the subscriber and statistical data stores.
Billing & Payment - The component of the system designed to collect events from the ASR about changes to subscriber data (sales, activation of equipment, termination of contracts, change of owner of subscriber devices), as well as a module for obtaining information about subscriber payments from the ASR.
DPI Adapter.Skat - A component of the system designed to collect data on the receiving and transmitting of packet data by subscribers. The module parses the data transfer protocols and passes connection statistics to the repository.
Event Storage - The statistical data repository of subscriber events, built on the MPP principle using one of the frameworks based on HDFS.
Adapter to PU - The interface module to the control panel (PU) installed at the UFSB.

Some data on the System of Technical Means to Provide the Functions of Operational-Search Activities (SORM) in Russia. SORM is not just a complex of equipment and software required for lawful interception. Today it is a separate industry comprising scientific research, production and technical support of equipment, and development of software and interfaces; an industry that extends its influence to all existing communication networks, with the exception of telegraph channels.

SORM (abbr. of System of technical means to provide the functions of Operational-Search Activities) - a complex of technical means and measures designed to carry out operational-search activities in telephone, mobile and wireless communication networks and radio communications (according to the law "On Communication" and Order of the Ministry of Communications No. 2339 of August 9, 2000).

A distinction should be made between "SORM-1" (a system for listening to telephone conversations, organized in 1996) and "SORM-2" (the name was proposed by V. Ionov; a system for logging access to the Internet), developed by a working group of representatives of the State Committee of Russia, the FSB of Russia, Central Communications and Glavsvyaznadzor under the leadership of Yu. V. Zlatkis and organized in 2000 (PTP, KTKS).

1913: The first telephone wiretapping system

In 1913, equipment that made it possible to listen in on telephone conversations was installed in the premises of the IV State Duma in St. Petersburg. After that, no mention of the installation and development of SORM equipment is found until 1992, when Order No. 226 "On the use of communications tools to ensure operational search activities of the Ministry of Security of the Russian Federation" was published, which required that premises and equipment be provided to law enforcement agencies for lawful interception. After that, new orders were published with enviable regularity, supplementing or replacing individual items of previous documents.

Restriction of the secrecy of communication in Russia

All communication operators in Russia are required to have an approved plan for the implementation of SORM; otherwise their license may be annulled.

In accordance with Article 23 of the Constitution of Russia, restriction of the secrecy of communication is allowed only by court decision. At the same time, the law mentions the possibility of using SORM before a court decision, "in cases established by federal laws."

In the Russian SORM, the special service itself, without going to court, determines which user needs to be monitored and carries out the monitoring on its own; therefore the Russian SORM model has no separate administrative function. It can be said that this function is integrated into SORM.

From Article 64: "On the duties of telecom operators in conducting operational-search activities and the implementation of investigative actions" of the Federal Law "On Communication":

1. Communication operators are obliged to provide authorized government agencies carrying out operational-search activities or ensuring the security of the Russian Federation with information about the users of communication services and the communication services provided to them, as well as other information necessary to fulfill the tasks assigned to these authorities in cases established by federal laws.

An official court decision is required for directly listening to conversations, but a court decision is not required for obtaining other information (for example, the facts of calls being made). As a rule, a SORM system technically separates operators' access rights to the system and records the history of its use, which provides protection against abuse by individual law enforcement officers.

2000: the introduction of SORM-2 is postponed

Attempts at lawful monitoring of users' Internet activity have been made more than once; in 2000 a number of orders were issued that regulated the rules for organizing SORM on communication networks. However, this provoked a strong public reaction, and the orders were then suspended through the courts, which made it possible to delay the implementation of SORM-2 on the Internet.

Development of a new order, requirements and related documents took about eight years and was accompanied by numerous debates and discussions. During this time quite a lot changed, both in the telecommunications market and in the surrounding world.

2008: Start of the updated SORM-2

In early 2008, the order did not cause as strong a resonance as it had 8 years earlier. Its creators took the old mistakes into account and did not produce a document containing the requirements for channels, interfaces and data network equipment to ensure operational-search activities, unlike the similar document for TFP and ATP.

However, some features of SORM on data networks are still known. For example, the SORM control panel (PU) should be able to work with the provider's AAA protocols (RADIUS or TACACS+), and, where IP addresses are allocated dynamically, all the necessary address information should be sent to the SORM control panel.
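The dependence on AAA data described above can be made concrete with a short added example (not from the original article or from any SORM vendor): when addresses are dynamic, an IP address identifies a subscriber only together with a timestamp and the RADIUS accounting Start/Stop records. The event list, user names and function names are constructed for illustration; attribute names follow RFC 2866/2869, with timestamps shown as ISO 8601 strings for readability.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    stop: Optional[datetime] = None  # None: no Stop record was ever received


class AmbiguousAttribution(Exception):
    """Several sessions match; the records cannot name a single subscriber."""


def parse_ts(text: str) -> datetime:
    return datetime.fromisoformat(text)


def ev(status: str, sid: str, user: str, ip: str, ts: str) -> dict:
    """Build one constructed accounting event (hypothetical helper)."""
    return {"Acct-Status-Type": status, "Acct-Session-Id": sid, "User-Name": user,
            "Framed-IP-Address": ip, "Event-Timestamp": ts}


# Constructed sample; addresses are from the RFC 5737 documentation range.
SAMPLE_ACCOUNTING = [
    ev("Start", "s1", "alice", "198.51.100.7", "2009-03-01T10:00:00+00:00"),
    ev("Stop",  "s1", "alice", "198.51.100.7", "2009-03-01T10:30:00+00:00"),
    # The same address is handed to another subscriber 15 minutes later.
    ev("Start", "s2", "bob",   "198.51.100.7", "2009-03-01T10:45:00+00:00"),
    ev("Stop",  "s2", "bob",   "198.51.100.7", "2009-03-01T11:15:00+00:00"),
    # carol's Stop record was lost, so her session never closes in the log.
    ev("Start", "s3", "carol", "198.51.100.9", "2009-03-01T09:00:00+00:00"),
    ev("Start", "s4", "dave",  "198.51.100.9", "2009-03-01T12:00:00+00:00"),
    ev("Stop",  "s4", "dave",  "198.51.100.9", "2009-03-01T12:20:00+00:00"),
]


def build_sessions(events: List[dict]) -> List[Session]:
    """Pair Start and Stop records by Acct-Session-Id."""
    sessions = {}
    for e in sorted(events, key=lambda e: parse_ts(e["Event-Timestamp"])):
        sid, when = e["Acct-Session-Id"], parse_ts(e["Event-Timestamp"])
        if e["Acct-Status-Type"] == "Start":
            sessions[sid] = Session(e["User-Name"], e["Framed-IP-Address"], when)
        elif e["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid].stop = when
    return list(sessions.values())


def resolve(sessions: List[Session], ip: str, when: datetime) -> Optional[str]:
    """Return the subscriber holding `ip` at `when`, or None if nobody did.

    Raises AmbiguousAttribution instead of guessing when a missing Stop
    record leaves two sessions overlapping on the same address.
    """
    hits = [s for s in sessions
            if s.ip == ip and s.start <= when and (s.stop is None or when < s.stop)]
    if not hits:
        return None
    if len(hits) > 1:
        raise AmbiguousAttribution(sorted(s.user for s in hits))
    return hits[0].user


if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_ACCOUNTING)
    for ip, ts in [("198.51.100.7", "2009-03-01T10:15:00+00:00"),
                   ("198.51.100.7", "2009-03-01T10:50:00+00:00"),
                   ("198.51.100.9", "2009-03-01T12:10:00+00:00")]:
        try:
            print(ip, ts, "->", resolve(sessions, ip, parse_ts(ts)))
        except AmbiguousAttribution as exc:
            print(ip, ts, "-> ambiguous:", exc)
```

The third lookup is the failure mode worth noticing: a single lost Stop record makes the address-to-subscriber mapping unreliable for every later session on that address.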

The main point of lawful interception on a data transmission network (SPD) is that law enforcement agencies can obtain all information transmitted and received by the monitored user. In a packet-switched network this task is not at all trivial and requires an individual approach for each specific network. The choice of the most acceptable way of organizing operational-search activities on the network falls on the operator, although it must comply with all the requirements put forward by law enforcement agencies.

Naturally, in this case each SORM-2 implementation on a service provider's network will be a unique project. Accordingly, its cost will be quite significant, which is undesirable for the operator, and the implementation time can stretch to many months, which is unacceptable for law enforcement agencies. For both sides, the most suitable approach is a standard universal project whose variations are confined to details that do not affect its main architecture.

SORM-2 solutions and installation

When choosing an option for lawful interception on a communication network, law enforcement agencies base their decisions on the SORM-2 requirements that they need to have met. And since the requirements for lawful interception on data networks remain a fairly "amorphous" concept, the operator has to adapt to them in each particular case.

The most suitable solution to the majority of the problems that arise has been a system of passive monitoring and interception of information on the network. The general scheme for connecting passive interception equipment is shown in Fig. 1.

The advantages of this scheme are obvious both for the telecom operator and for law enforcement agencies. However, it is not without difficulties, associated primarily with installing a specialized "aggregating router" on the operator's network. This equipment is a concentration point for all traffic on the network, through which 100% of the information circulating over the network passes.

If this scheme is applied on IP telephony networks, we obtain a powerful tool that, at minimum cost to the operator and while meeting all the requirements of law enforcement agencies, implements the full range of measures. Its effectiveness on telephone networks is explained by the fact that the SORM-1 requirements prescribe interception of only telephone traffic and signaling messages. Accordingly, its implementation allows all the requirements to be met in full.

The situation on data networks is not as rosy. The huge number of different traffic types, their most unusual combinations, and the ubiquitous use of cryptography significantly complicate the process of "lawful interception" and impose additional, hard-to-meet requirements on SORM-2 equipment. Let us dwell on these features of implementing SORM-2 on the network.

Today, the end user can transmit a huge amount of information over the network, of the most diverse types (video, email, voice data, etc.).

The widespread enthusiasm for cryptographic protection of information adds further complexity to lawful interception. When information encrypted in one way or another is intercepted, it is almost impossible to decrypt it without keys and specialized decoders. Naturally, with passive monitoring it is possible to intercept keys that are transmitted over the network, but one must also learn to apply them and use them for a specific user. This is entirely feasible functionality, but implementing it will significantly complicate the whole lawful interception system and will also affect its speed.

In addition to these difficulties, installing and implementing a SORM subsystem on data networks is accompanied by a number of difficulties of an organizational nature. One of the most common problems is possible incompatibility with the SORM control panels.

In the absence of clearly formulated requirements and standards for the data exchange channels between the filtering device and SORM, difficulties are inevitable when transferring information, and even when connecting the equipment to each other. This problem stems from the fact that the SORM equipment installed at law enforcement agencies and the passive monitoring system operating on the operator's network are usually produced by different companies, often foreign ones, and have unique, mutually incompatible interfaces.

In this situation, SORM-2 control commands will not be executed in full or will be ignored. Therefore, additional devices (converters) will be required to interconnect such equipment, able to pass the full volume of information from the filtering unit to the filtering device.

Thus, implementing finished products that allow SORM-2 to be installed on existing communication networks is a rather confusing and ambiguous process accompanied by high development and installation costs. Unfortunately, most of these costs fall on the shoulders of the telecom operator and the provider.

In addition, the lack of a clear legal basis and of precisely formulated requirements does not allow the creation of products that can be installed on communication networks without ambiguity, in contrast to SORM on telephone networks.

In this regard, implementing these products for Internet service providers and data network (SPD) operators is not practical as of 2009, so many equipment manufacturers are in no hurry to work on SORM-2 and continue to develop the telephony direction, including IP telephony, taking lawful interception in this area to a qualitatively new level.

How online traffic monitoring works

In accordance with licensing conditions, a telecom operator, before starting to operate its network (i.e., to provide services to subscribers), must obtain an operating permit from the authority that has been called Rossvyaznadzor, Rossvyazokhrankultura and a thousand other names (they changed on average every two years). As of 2009, it is called Rossvyazkomnadzor. Permits are issued in accordance with rules approved by the government, in which it is written in black and white that the operator must settle the SORM question and present a "paper" about it to the supervisory authority.

This issue is settled, and the paper is presented for signature, only with the FSB and no one else. No bodies of the Ministry of Internal Affairs, neither the local ATS, nor Department "K", nor the tax authorities, nor anyone else has anything to do with it. Only the FSB can monitor Internet traffic. Other bodies or departments physically have no technical capability for this: they do not install any equipment. By the way, this also follows indirectly from the fact that when the same Department "K" needs something from an operator/hoster, it is forced to send an official document on its letterhead, signed by its head. No one can simply call and ask to "send over the traffic info from this IP": operators/hosters in such cases usually just "send them away" and ask for an official request.

Let us return to our telecom operator, who needs to settle the SORM question with the FSB. Yes, formally the operator really should buy special equipment for $10K and run a dedicated communication cable to the local UFSB. However, none of the small providers does this. Everyone limits themselves to an agreement with the FSB to cooperate if it has any questions (in fact, they simply exchange contacts with their curator officer and an FSB technician) and to signing a "Protocol on the procedure for interaction in the commissioning of the SORM" (or "commissioning plan ..."), the essence of which, put briefly, is that the provider undertakes to build a "real" SORM at some later time (usually in five years). This is the classic principle of Khoja Nasreddin: in five years either the company will close, or it will earn the money for a full-fledged SORM, or something else will change. Moreover, five years later many sign the same protocol again and don't bat an eye.

What happens if one of the provider's customers really does sell helicopter spare parts or somehow threatens federal security? Well, they just call (or even write by e-mail) and ask for a tcpdump of the traffic from a specific address, to be uploaded to FTP afterwards. The provider goes and does it. That's all, actually.

If the provider has grown quite large and has "matured" enough not to want to mess with dumps, it installs the FSB's equipment. What is it? I can't vouch for everyone and everything, but what I saw were ordinary self-assembled computers in rack-mount cases with Linux installed and two network interfaces, an "input" and an "output". To the "input" the provider simply mirrors its traffic (its Internet traffic, before NAT, of course), and to the "output" it assigns (well, that is, it reports to the FSB, and they assign it themselves) an external IP through which the whole thing is managed. What exactly runs under Linux I, of course, do not know, but you do not need to be a genius here: some packet analyzer, so that only what is required can be "picked out" and tons of traffic are not driven to the FSB center.

It was pointed out in the comments that the self-assembled machines mentioned in the post are no longer used. Yes, I really did see this about 3 years ago. I am glad for our FSB people that they have started ordering equipment from other contractors, which either use ready-made vendor servers or assemble something more or less decent-looking.

If you look at it from the practical side, the "terrible and awful" SORM is not Big Brother and not an attempt to subjugate and enslave. It really is a means of protecting the security interests of the state, which is used only for that and on the whole solves quite modest and limited tasks.

2013: FSB receives full access to user traffic

In October 2013, it became known that Internet providers working in Russia would have to install, by July 1, 2014, equipment for recording Internet traffic and storing it for a period of at least 12 hours. Russian special services will have direct access to this equipment, the Kommersant newspaper reported.

The newspaper has a letter from VimpelCom to the Ministry of Communications in which the operator criticizes the ministry's draft order on operational-search activities on the Internet, which the FSB has already agreed to. The document awaits registration with the Ministry of Justice and is likely to come into force in 2013.

In the letter, the provider points out that the provisions of the order "violate the rights guaranteed by the Constitution of the Russian Federation (Art. 23, 24, 45)", which enshrine the right to the inviolability of private life and to the secrecy of correspondence, telephone conversations, postal, telegraph and other messages; restriction of this right is allowed only on the basis of a court decision, and the collection, storage, use and dissemination of information about a person's private life without their consent is not allowed.

The existence of this order was confirmed to the newspaper by three sources in the telecommunications market, including a Rostelecom manager.

Once the document comes into force, the equipment installed at providers will record all data packets that arrive at the providers and store them for at least 12 hours.

The order describes which information about Internet users will be transmitted to the special services. In particular, these are telephone numbers, IP addresses, account names, "Email Addresses in Mail.Ru Services, Yandex.ru, Rambler.ru, Gmail.com, Yahoo.com, etc."; ICQ identifiers, mobile device identifiers (IMEI), and identifiers of the called and calling Internet telephony subscribers.

In addition, the draft order obliges providers to transfer information about the location of the subscriber terminals of users of Internet telephony services: Skype, etc.

By this time, SORM-2 equipment (the system of operational-search activities) had been installed in the networks of Russian providers, and, according to the 2008 rules, they are already required to transfer phone numbers and the location of mobile subscribers to the special services, but are not required to record this data.

The new order, as the newspaper writes with reference to Alexander Relik, security director of the united company "Afisha-Rambler-SUP", is an update of the 2008 requirements that takes "modern realities" into account: "We transfer our traffic to the FSB node. The SORM equipment that is installed with us is just an interface to the technical means of the FSB. All processing is carried out on the FSB node."

According to the expert, after the entry into force of the Project of the order, providers will send no more data to the FSB than it sends now, and the responsibility for possible abuses should lie on the bodies that receive information.

According to VimpelCom's preliminary calculations, annual investments in equipment will be $ 100 million, according to MTS estimates - about 300 million rubles. According to the source of the newspaper in one of the ministries, the installation and operation of the equipment of the SORM is now paid by operators, although the state should pay the state for the grade.

SORM (abbreviated from the Russian for "System of technical means to provide the functions of operational-search activities") - a complex of technical means and measures designed to carry out operational-search activities in telephone, mobile and wireless communication networks and radio communications (according to the law "On Communication" and the order of the Ministry of Communications No. 2339 of August 9, 2000).

The concepts of "SORM-1" (a system for listening to telephone conversations, organized in 1996) and "SORM-2" should be distinguished. SORM-2 (the name was proposed by V. Ionov) is the system for logging access to the Internet, developed by a working group of representatives of Goskomsvyaz of Russia, the FSB of Russia, the Central Research Institute of Communications and Glavsvyaznadzor under the leadership of Yu. V. Zlatkis and organized in 2000 (PTP, KTKS).

2019

How operators monitor Russians, using MTS as an example: secret documents hit the Internet

On September 18, 2019, a data leak from Nokia became known, which disclosed some details of how the system of technical means for operational-search activities (SORM) operates.

The confidential files were found by Chris Vickery, director of cyber research at UpGuard (a company specializing in information security). The data was kept on an rsync backup server on an unprotected network drive that belonged to an employee of Nokia Networks, which for many years has supplied MTS with equipment and services for upgrading its telecommunication networks.

Detailed information on the placement of operational-search (SORM) equipment on the territory of the Russian Federation ended up in open access. In particular, this includes instructions for installing the equipment along with detailed diagrams and images, information about accounts, the names of employees and subcontractors, their phone numbers, and the list of cities where the servers were located. The total volume of information was 1.7 TB.

In addition, 245 GB of Outlook data in PST format (mail archives) was made public, along with various contractual agreements (PDF files) and RAR, ZIP and other archives containing backup copies of documents, project proposals, operation manuals, progress reports and so on.

Inventories of network equipment, information on IP addresses and employee names, and progress notes were recorded in Excel spreadsheets. Another type of confidential file that reached the network is the diagrams and designs of network equipment. They were accompanied by technical documents and location information.

Among the data that became publicly available, the experts discovered photos and instructions for installing Nokia-made equipment at MTS in 2014-2016. Judging by these materials, the systems are located in Vladimir, Lipetsk, Ivanovo, Kaluga, Kostroma, Bryansk, Smolensk, Ryazan, Belgorod, Voronezh, Kursk, Orel, Tula, Tver, Tambov and Yaroslavl.

The excerpts from the secret archive published by UpGuard do not make it possible to assess accurately how critical the information is: photos of gray metal cabinets with fans and the letters "SORM", along with plans of the premises where they are installed, are unlikely to create a threat to the national security of Russia.

Nokia explains that the company supplies and installs a "port" on the network that allows SORM to be connected and data subsequently to be lawfully intercepted. Nokia itself does not store, analyze or process such data. This is done by Malvin Systems, which offers a compatible technology installed on top of Nokia's "port". That technology collects and stores user information.

It turned out that the upgraded capabilities of the MTS network give the government access to a database of everyone who is permitted to use the cellular network, including their international mobile subscriber identity and SIM card data.

In addition, it follows from the documents that with its help the security services can access the HLR (Home Location Register) database, which contains data on each subscriber, including location and information about the services that the user requested or received.

The documentation also mentions Signaling System 7 (SS7), a set of signaling protocols used to configure most telephone exchanges. SS7 allows cellular networks to set up and route calls and text messages. It is noted that this protocol cannot be considered secure and that it can be used for hacking.

Operators are aware of the security deficiencies of SS7 and deploy additional protections, but cannot fully solve the problems because of the network architecture: it was designed long ago and does not take into account the capabilities of modern cybercriminals. SS7 security problems remain relevant despite the emergence of networks that use a different signaling system, since communication operators must support the 2G and 3G standards and interworking between networks of different generations.

According to experts, attackers could in theory use this data for hacker attacks, or to interfere remotely with the operation of SORM and damage the equipment.

UpGuard notified Nokia that information not intended for public viewing had become openly accessible. The Finnish company responded to the notification only four days later and fixed the problem.

As Nokia representative Katja Antila explained, a current employee of the company connected a USB drive containing old work documents to a home computer. Because of a configuration error, the computer and the drive were freely accessible over the Internet without authentication. The company is continuing its investigation, TechCrunch reported on September 18.
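The exposure described above came down to an rsync server that answered without authentication. As an added example (not code from the original article, Nokia or UpGuard), the following Python script audits an rsyncd.conf for modules that accept anonymous clients from any address; that the server is an rsync daemon configured through rsyncd.conf is an assumption, and the sample configuration, module names and paths are constructed.

```python
import re

# Constructed sample configuration (not taken from the incident).
SAMPLE_CONF = """\
uid = nobody
use chroot = yes

[backup]
    path = /srv/backup
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
    list = no

[usbdrive]
    path = /mnt/usb
    read only = no

[docs]
    path = /srv/docs
    authusers = alice, \\
        bob
    secrets file = /etc/rsyncd.secrets
    hosts allow = 192.168.1.0/24
"""

ANON = "anonymous access: no 'auth users'"
ANY_HOST = "no 'hosts allow' or 'hosts deny' restriction"
WRITABLE = "'read only' is disabled: clients may upload"
LISTED = "module name is returned in anonymous module listings"
TRUE_VALUES = {"yes", "true", "1"}


def _key(name):
    # rsyncd.conf ignores whitespace inside parameter names, so
    # "auth users" and "authusers" are the same parameter.
    return re.sub(r"\s+", "", name).lower()


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) for rsyncd.conf text."""
    global_params, modules = {}, {}
    current, pending = global_params, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:                 # only the first '=' is significant
            name, value = line.split("=", 1)
            current[_key(name)] = value.strip()
    return global_params, modules


def audit(text):
    """Return {module: [finding, ...]} for modules with weak access control."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**global_params, **params}  # globals act as module defaults
        findings = []
        if not eff.get("authusers"):
            findings.append(ANON)
        if not eff.get("hostsallow") and not eff.get("hostsdeny"):
            findings.append(ANY_HOST)
        # rsync defaults: read only = yes, list = yes
        if eff.get("readonly", "yes").lower() not in TRUE_VALUES:
            findings.append(WRITABLE)
        if eff.get("list", "yes").lower() in TRUE_VALUES:
            findings.append(LISTED)
        if findings:
            report[name] = findings
    return report


def exposed_modules(text):
    """Modules open to unauthenticated clients from any address."""
    return sorted(m for m, f in audit(text).items()
                  if ANON in f and ANY_HOST in f)


if __name__ == "__main__":
    for module, findings in audit(SAMPLE_CONF).items():
        for finding in findings:
            print(f"[{module}] {finding}")
    print("exposed:", exposed_modules(SAMPLE_CONF))
```

A module flagged by exposed_modules needs `auth users` with a `secrets file`, a `hosts allow` list, or both before the daemon is reachable from outside the local network.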

Although surveillance of users in Russia is permitted by law, work related to SORM is classified and requires engineers to hold special certificates. SORM equipment is purchased only from a short list of selected companies.

The Ministry of Communications has changed the rules for SORM equipment

On July 5, 2019, it became known that, in execution of Article 13 of Law No. 374-FZ "On Amendments to the Federal Law 'On Countering Terrorism'", changes were made by order of the Ministry of Communications of the Russian Federation in the Federal Law "On Communications", in particular in the "Rules for the application of switching system equipment, including software, that ensures the performance of prescribed actions during operational-search activities. Part III". The full text of the order is available.

Under the document, telecom operators are assigned additional responsibilities:

  • supplement the technical means for operational-search activities (ORM) installed at nodes of communication networks with technical means for accumulating information;
  • perform certification of the additional ORM technical equipment.

Reportedly, the document comes into force 10 days after its publication, which took place on July 3, 2019. According to the federal portal of draft regulatory acts, work on the draft of this order began in the fall of 2016.

Information accumulation means for SORM must be of Russian origin

On May 31, 2019, it became known that the information accumulation means that Russian law enforcement officers use for wiretapping lines during investigations must from now on be of Russian origin. This concerns the system of technical means to provide the functions of operational-search activities (SORM).

The corresponding decree of the Russian government appeared on the portal of official publication of legal acts. The decree makes the necessary changes to the rules governing how communication operators store user calls. The document was prepared by the Ministry of Communications, the FSB and the Ministry of Industry.

According to the decree, "technical means of accumulation of information that are part of the communication equipment ensuring the performance of prescribed actions during operational-search activities must have, at the commissioning of the specified equipment on the communication operator's network, a conclusion confirming the production of industrial products in Russia."

These information accumulation means must comply with the requirements for data storage systems established by the government decree "On Confirmation of the Production of Industrial Products in Russia", which was adopted in July 2015.

The new rules do not apply to equipment whose purchase contracts were concluded before the decree entered into force.

According to the authors of the document in an explanatory note, these rules should help ensure the information security of the Russian communication infrastructure under sanctions from Western countries. The purpose of the decree is to protect the infrastructure from hacker attacks that use vulnerabilities in foreign equipment. The decree should also support Russian radio electronics producers and increase their competitiveness.

2017

Most communication operators do not ensure stable operation of SORM-2

The FSB is experiencing difficulties in finding offenders who use IP telephony because of problems in the operation of the system of operational-search activities (SORM-2) installed on operators' networks, RBC reports.

As the publication's correspondents found during a journalistic investigation, most telecom operators in one way or another violate the requirements for installing SORM-2 and keeping it running without interruption. The system works with violations or does not work at all at 70% of operators.

According to experts, these statistics are explained by several factors. The first is economic: the operator installs SORM at its own expense according to an individual plan approved by the local FSB office. As a result, for most operators it is cheaper to pay a fine (about 30 thousand rubles) than to install expensive equipment.

Secondly, some operators face technical difficulties with the compatibility of their equipment with the FSB complexes. In particular, in the Sakhalin and Kostroma regions, VimpelCom did not record user traffic, since this was technically impossible and required a large-scale replacement of equipment.

Having analyzed judicial practice for 2016-2017, the journalists found that during this period Roskomnadzor, acting on FSB requests, opened 451 administrative offense cases over problems in the operation of various types of SORM or delays in the deployment and modernization of the complexes. In 86% of cases, operators were found guilty of "carrying out business activities in violation of the requirements and conditions provided for by the license". In 196 cases, operators paid fines of 30 thousand rubles, as provided for by Part 3 of Article 14.1 of the Code of Administrative Offenses of the Russian Federation, and in 192 cases warnings were issued.

The largest number of violations associated with the operation of SORM was recorded at the operator VimpelCom (Beeline), against which 29 administrative cases were initiated over the past two years in various regions, of which 25 ended with a fine. In second place by number of violations is MTS, with 13 administrative cases initiated against it. Six arbitration cases each were initiated against Rostelecom, Scartel (Yota) and MTT, two cases were brought against MegaFon, and in one case the defendant was "T2 Mobile" (Tele2).

The system may or may not record the FSB's access to the feed. Operators only connect the equipment to their network, but cannot control the special services' access to users. The special services can listen to citizens only after receiving the appropriate court permission. According to the Judicial Department of the Supreme Court of Russia, in 2016 courts of general jurisdiction issued 893.1 thousand such permits to law enforcement agencies. According to statistics, in the period from January to June 2017 the number of requests to lift the secrecy of correspondence and to wiretap citizens' telephone conversations decreased.

The Ministry of Communications has prepared equipment requirements for Internet services

SORM equipment requirements have been developed for Internet services that operate in Russia and are entered into the register of information dissemination organizers. They were authored by the Ministry of Communications, which prepared a draft order "On approval of the requirements for equipment and software and hardware used by an organizer of information dissemination on the Internet in the information systems it operates, ensuring the performance of prescribed actions during operational-search activities, including the storage system", and put it up for public discussion.

According to current legislation, the services entered into the register of information dissemination organizers (ORI) must hand over information about users at the request of authorized government agencies (FSB). If the services refuse to do this, they fall into another registry, that of prohibited sites, and user access to them is blocked in the country.

At the same time, according to Federal Law No. 97 of May 5, 2014 "On Amendments to the Federal Law 'On Information, Information Technology and Information Protection' and individual legislative acts of the Russian Federation on the streamlining of information exchange using information and telecommunication networks", the organizers of information dissemination on the Internet, like telecom operators, are required to use special equipment to collect user metadata.

Until now, no one has demanded that ORIs comply with this requirement, because there were no industry requirements for the necessary equipment and software and hardware. The Ministry of Communications prepared the corresponding draft order to correct this situation.

Incidentally, the document contains requirements not only for the hardware itself, but also for the information that an ORI is obliged to collect with its help. This is the user ID, the date and time of registration (where a service agreement is concluded, also the date and time of its conclusion), alias, full name, date of birth, the address of residence specified by the user, passport data or other identity documents, the list of languages spoken by the user, the list of references specified by the user, information about accounts in other services, the date and time of authorization and exit from the service, the IP address, the contact details (phone number and email address) used by the user, text messages, audio and video calls, transmitted files, payments, and location.

The main question facing Internet services (as in the case of communication operators) is who will pay for the acquisition and installation of the appropriate equipment. Currently, this is not specified in the document. Most likely it will fall on the shoulders of the organizers of information dissemination.

2016

SORM developer began looking for contractors to decrypt messenger correspondence

Con Certeza, which develops systems of technical means for operational-search activities (SORM) on operators' networks, is looking for a contractor to research whether WhatsApp, Viber, Facebook Messenger, Telegram and Skype can be intercepted and decrypted.

The document contains amendments to the Law "On Communications" that oblige Russian operators to keep data on citizens' voice and text messages for three years. According to the draft, operators must store within the country for three years all information "on the facts of reception, transmission, delivery and processing of voice information and text messages, including their content, as well as images, sounds or other messages of communication services." They are obliged to "provide this information to authorized state authorities carrying out operational-search activities or ensuring the security of the Russian Federation."

This concerns, in particular, the amendments to the laws "On Communications" and "On Information, Information Technologies and Information Protection", which oblige communication operators and Internet companies to store all conversations of their subscribers and users for three years.

Total monitoring of citizens

Communication operators will have to store in Russia information "on the facts of reception, transmission, delivery and (or) processing of voice information and text messages, including their contents, as well as images, sounds or other messages of communication services." In other words, this means storing all telephone conversations, SMS messages, Internet traffic, etc.

At present, telecom operators store for three years only information about subscribers and the communication services provided to them (that is, call detail records). In addition, there is the system of operational-search activities (SORM), through which law enforcement agencies can intercept subscribers' telephone calls and Internet traffic.

In 2014, the SORM-3 system was commissioned, which obliges telecom operators, at the request of law enforcement agencies, to store the Internet traffic of certain subscribers for 12 hours.

The newly adopted draft law establishes, in the interests of the special services, a standard of storing all conversations of all subscribers for three years.

The amendments to the Law "On Information" concern "organizers of the dissemination of information". This term was introduced by lawmakers in 2014 in the so-called law "On bloggers". It covers Internet services that carry communications between users: social networks, blog platforms, etc.

At present they must store in Russia, for six months, all information about their users and the messages they transmit. The new bill obliges them to store the messages themselves as well, and the retention period, as already noted, is extended to three years.

Costs of 5 trillion rubles

The costs to telecom operators and Internet companies of implementing this draft law in its current form will be 5.2 trillion rubles. Interfax reports this with reference to the conclusion of the working group "Communications and Information Technology" under the Government of Russia. Such costs are inappropriate, the experts warn: telecom operators have neither the technical nor the financial resources to meet the requirements of the law, nor, in principle, the corresponding free storage capacity.

Implementing the draft law will require a fundamental restructuring of the existing system of interaction between telecom operators and law enforcement agencies, the experts' conclusion says. Operators are currently connected to the special services by communication channels at a speed of 150 Mbps, which is not enough for several hundred exabytes of information.

Experts of the Center believe that the purpose of the bill will not be achieved anyway, since 49% of all transmitted traffic is already encrypted, and within three years its share will grow to 90%.

2013: FSB receives full access to user traffic

In October 2013, it became known that Internet providers working in Russia would have to install, by July 1, 2014, equipment for recording Internet traffic and storing it for at least 12 hours. Russian special services will have direct access to this equipment, the Kommersant newspaper reported.

The newspaper has obtained a letter from VimpelCom to the Ministry of Communications in which the operator criticizes the ministry's draft order on operational-search activities on the Internet, which has already been agreed with the FSB. The document awaits registration with the Ministry of Justice and is likely to come into force in 2013.

The provider states that the provisions of the order "violate the rights guaranteed by the Constitution of the Russian Federation (Art. 23, 24, 45)", which enshrine the right to the inviolability of private life and to the secrecy of correspondence, telephone conversations, postal, telegraph and other messages; restriction of this right is allowed only on the basis of a court decision, and the collection, storage, use and dissemination of information about a person's private life without that person's consent is not allowed.

The existence of this order was confirmed to the newspaper by three sources in the telecommunications market, including a Rostelecom manager.

Once the document enters into force, the equipment installed at providers will record all data packets that reach the providers and store them for at least 12 hours.

The order describes how information about Internet users will be transmitted to the special services. In particular, this covers telephone numbers, IP addresses, account names, "email addresses in the services Mail.Ru, Yandex.ru, Rambler.ru, Gmail.com, Yahoo.com, etc."; ICQ identifiers, mobile device identifiers (IMEI), and the identifiers of the called and calling Internet telephony subscribers.

In addition, the draft order obliges providers to hand over information about the location of the subscriber terminals of users of Internet telephony services: Skype, etc.

By this time, SORM-2 equipment (the system of operational-search activities) had been installed in the networks of Russian providers, and under the 2008 rules they are already required to hand over phone numbers and the location of mobile subscribers to the special services, but are not required to record this data.

The new order, as the newspaper writes with reference to Alexander Rylik, security director of the united company "Afisha-Rambler-SUP", is an update of the 2008 requirements that takes "modern realities" into account: "We transfer our traffic to the FSB node. The SORM equipment installed at our site is just an interface to the technical means of the FSB. All processing is carried out on the FSB node."

According to the expert, once the draft order enters into force, providers will send the FSB no more data than they send now, and the responsibility for possible abuses should lie with the bodies that receive the information.

According to VimpelCom's preliminary calculations, its annual investment in equipment will be $100 million; according to MTS estimates, about 300 million rubles. According to the newspaper's source in one of the ministries, the installation and operation of SORM equipment is currently paid for by operators, although the state should pay for SORM.

2008: Start of the updated SORM-2

The order issued in early 2008 did not cause as strong a reaction as the one 8 years earlier. Its authors took the old mistakes into account and did not make public a document containing the requirements for channels, interfaces and data network equipment for operational-search activities, unlike the similar document for TFP and ATP.

However, some features of SORM on data networks are still known. For example, the SORM control panel must be able to work with the provider's AAA protocols (RADIUS or TACACS+), and, where IP addresses are allocated dynamically, all the necessary address information must be forwarded to the SORM control panel (PU).

The essence of lawful interception on a data transmission network (SPD) is that law enforcement agencies can obtain all information sent and received by the monitored user. In a packet-switched network this task is far from trivial and requires an individual approach for each specific network. Choosing the most acceptable way to organize SORM on the network falls to the operator, even though it must comply with all the requirements put forward by law enforcement agencies.

Naturally, in this case each SORM-2 deployment on a service provider's network becomes a unique project. Accordingly, its cost will be quite significant, which is undesirable for the operator, and the implementation time can stretch to many months, which is unacceptable for law enforcement agencies. For both sides, the most appropriate approach is a standard universal design whose variations are confined to details that do not affect its main architecture.

SORM-2 implementation and installation

When choosing an option for lawful interception on a communication network, law enforcement agencies base their decisions on the SORM-2 requirements they need fulfilled. And since the requirements for lawful interception on data networks remain a fairly "amorphous" concept, the operator has to adapt to them in each particular case.

The solution best suited to most of the problems that arise turned out to be a system for passive monitoring and interception of information on the network. The overall scheme for connecting passive interception equipment is shown in Fig. 1.

The advantages of this scheme are obvious both for the telecom operator and for law enforcement agencies. However, it is not without difficulties, associated primarily with installing a specialized "aggregating router" on the operator's network. This equipment is the point where all network traffic is concentrated, through which 100% of the information circulating in the network passes.

Applied to IP telephony networks, this scheme is a powerful tool that makes it possible, at minimum cost to the operator and while meeting all the requirements of law enforcement agencies, to implement the full set of SORM measures. Its effectiveness on telephone networks is explained by the fact that the SORM-1 requirements prescribe interception of only telephone traffic and signaling messages. Accordingly, this scheme makes it possible to meet all the requirements in full.

The situation on data networks is not as rosy. The huge number of different traffic types, their most unusual combinations, and the ubiquitous use of cryptography significantly complicate the process of "lawful interception" and place additional, hard-to-meet requirements on SORM-2 equipment. Let us dwell on these features of implementing SORM-2 on the network.

Today, the end user can transmit a huge amount of information over the network, of the most diverse types (video, email, voice data, etc.).

The widespread enthusiasm for cryptographic protection of information adds further complexity to lawful interception. When information encrypted in one way or another is intercepted, it is almost impossible to decrypt it without keys and specialized decoders. Naturally, with passive monitoring, keys that are transmitted over the network can be intercepted, but one must then learn to apply them and use them for a specific user. This functionality is entirely achievable, but implementing it will significantly complicate the whole lawful interception system and will also affect its speed.

In addition to these difficulties, installing and deploying a SORM subsystem on data networks is accompanied by a number of difficulties of an organizational nature. One of the most common problems is possible incompatibility with the SORM control panels.

In the absence of clearly formulated requirements and standards for the data exchange channels between the filtering device and SORM, difficulties are inevitable during information transfer, and even when the equipment is connected together. This problem stems from the fact that the SORM equipment installed at law enforcement agencies and the passive monitoring system operating on the operator's network are usually produced by different companies, often foreign ones, and have unique interfaces that are incompatible with each other.

In this situation, SORM-2 control commands will not be fully executed or will be ignored. Therefore, additional devices will be required to join such equipment together: converters that can transmit the entire volume of information in full from the filtering unit to the filtering device.

Thus, building final products that allow SORM-2 to be installed on existing communication networks is a fairly confusing and ambiguous process, accompanied by high development and installation costs. Unfortunately, most of these costs fall on the shoulders of the telecom operator and the provider.

In addition, the lack of a clear legal framework and of clearly formulated requirements does not allow products to be created that can definitely be installed on communication networks, unlike SORM on telephone networks.

In this regard, as of 2009 implementing these products for Internet service providers and SPD operators is not practical, so many equipment manufacturers are in no hurry with SORM-2 and continue to develop the telephony direction, including IP telephony, taking lawful interception in this area to a qualitatively new level.

How online traffic monitoring is working

In accordance with licensing conditions, the telecom operator before the start of operation of its network (ie, the provision of subscribers) should obtain permission to operate the authority that was called Rossvyaznadzor, Rossvyazokhrankulture and the thousand other names (they changed on average every two years). For 2009, he is called Rossvyazkomnadzor. Permits are issued in accordance with the rules approved by the government, in which black on the white is written that the operator must resolve the issue with a summary, what to present a "paper" in supervision.

And the order of the Ministry of Communications No. 2339 of August 9, 2000, this is a complex of technical means and measures designed to carry out operational search activities on telephone, mobile and wireless networks.

Sorph equipment is installed in communication service operators, and remote controls, servers and data storage systems are located at the special services. Communication services operators are mobile operators and Internet service providers. In the near future, companies are added to the company responsible for servicing electronic water accounting devices transmitting data through wireless channels.

In its development, the sorp passed three stages.

SORM-1: Analysis of telephone conversations

The system of listening to telephone conversations SORM-1 was created in 1996. Now, each cellular operator has special equipment that records all conversations and SMS, while maintaining communication session parameters. Until 2009, this information was kept in test-centers of the special services for 3 months, now 6 months, and in general, according to standards, 3 years should be stored.

SORM-2: Analysis of Internet traffic

SORM-2, the system for logging communication sessions of Internet access, was created in 2000. Each Internet provider likewise has special equipment that records the Internet traffic of all its subscribers, including the contents of mail and IM protocols, including ICQ and Jabber. SORM-2 also provides for storing the information in data centers of the special services for 3 years.

SORM-3: Comprehensive analysis of information, including that obtained by audio monitoring of residential premises using household electronic water metering devices

SORM-3, the system for comprehensive monitoring and analysis of information, has been under construction since 2009. This is a very expensive and ambitious project started before the crisis. According to experts I know, its total cost will be about 1.2 trillion rubles, of which more than 400 billion rubles will be spent on creating a system of continuous audio monitoring ("wiretapping") of residential premises with the help of "smart" water metering devices.

In 2009, a supercomputer with a peak performance of up to 50 TFLOPS was purchased for SORM-3. A comparable machine looks like this.

The tasks set for SORM-3 (quoting the documentation):

"1) To bring together in one place information from all sources: the SORM-1 telephone service system, the SORM-2 Internet traffic control system, the system of continuous audio monitoring of residential premises using household electronic water metering devices that is being newly created in 2011-2015, street video surveillance camera systems, as well as specialized databases (passport, tax, banking, traffic police) and the voice data bank;

2) Analyze this information in automatic mode with the ability to search for correlations."

SORM-3 will be able to produce structured information about any person (telephone numbers, calls, contacts, movements, topics of conversation at home, visited sites, etc.) or apartment. For example, SORM-3 will be able to automatically compare a recording of the conversations of a visitor to an apartment of interest, obtained using the listening device in the apartment's water meter, with the records of all mobile calls made at that time in that area, and so establish the visitor's identity, circle of contacts and travel route.

Where possible, SORM-3 itself is supposed to warn of crimes being prepared. This system, like its American counterpart "Echelon", responds to certain words, phrases or symbols in emails, as well as in conversations by phone or in the apartment. For example, it automatically recognizes conversations in Chechen or Arabic, or the use of numerals in an unusual context ("five boxes of iron cucumbers"), etc. Recordings of these conversations will be analyzed by experts.

Listening device in the water meter of your apartment

How will this "system of continuous audio monitoring of residential premises using household electronic water metering devices", or, simply put, "wiretapping", be technically implemented?

In accordance with Federal Law No. 261-FZ of November 23, 2009, "On Energy Saving and Enhancing Energy Efficiency", in 2011 an organization certified by the Ministry of Communications of the Russian Federation will be assigned to each building, since the data will be transmitted from your apartment over wireless channels. This organization will enter into a contract with you and with the hot and cold water utilities (for example, in Moscow these are "Mosenergo" and "Mosvodokanal") for the installation and maintenance of certified "smart" water meters.

In addition to the electronic water meter itself and the radio modem that transmits the water consumption data from your apartment to the server, this device will be equipped with a powerful radio microphone (most likely voice-activated) and a digital recording device. The device will record all the conversations in the room, compress the data in a special format and, at certain time intervals, upload them to special equipment connected to the data centers of the special services.

How should you regard having this neighbor in your apartment?