Among other things, the company SyTech deals with the deanonymization of TOR traffic. Further projects are aimed at users of social media as well as students and pensioners. The hackers crack an Active Directory server and capture around 7.5 GB of data.
The Russian company SyTech, which works for the domestic intelligence service FSB, was apparently the target of a hacker attack. The unknown perpetrators were given information about internal projects of the Moscow-based organization. Among other things, SyTech deals with the de-anonymization of TOR traffic on behalf of the FSB.
Hackers breach FSB Contractor
The break-in took place on July 13th. The hackers, who call themselves 0v1ru $, entered SyTech’s Active Directory server, giving them access to the company’s entire network. Among other things, they compromised an instance of the Jira project tracking software.
Overall, they captured 7.5 GB of data from the FSB supplier. They also hijacked his website and showed there a so-called Yoba Face, a popular in Russia Emoji, which stands for trolling.
This second group finally made public the stolen data late last week and also handed it over to journalists. They want to have found in their analysis that SyTech at least since 2009 worked for the FSB. That’s what BBC calls Russia
Under the name Nautilus-S, SyTech tried to de-anonymize the traffic of TOR networks with the help of fake TOR servers. Hope, in turn, was supposed to uncover the topology of the Russian Internet and its connections to the networks of other states.
In addition, on behalf of the FSB, SyTech developed an intranet for highly confidential data of senior officials such as judges and local government representatives, which is separate from the rest of the state IT network. Other projects are said to have dealt with protocols such as Jabber, ED2K, and OpenFT. However, files published by the Digital Revolution on Twitter also suggest monitoring students and retirees.
At least two of these projects have been demonstrably implemented. According to BBC Russia, the project to de-anonymize TOR traffic started in 2012. About two years later, researchers from Karlstad University in Sweden discovered that fake TOR exit nodes are trying to decrypt TOR traffic. 18 of the 25 dangerous TOR servers were found in Russia. On them ran the TOR version 02.2.37, which is now also called in the leaked files from SyTech.
The second implemented the project is Hope for analyzing the structure of the Russian Internet. The results of this project allowed Russia earlier this year to test the national Internet from the rest of the World Wide Web.