UPDATED 20:44 EDT / JULY 21 2019


Hackers steal secret data from Russian state security agency contractor

A hacking group apparently stole 7.5 terabytes of data from a contractor for Russia’s FSB state security agency, exposing various secret projects, including one to make traffic on the anonymity network called Tor no longer anonymous.

The hack targeted an FSB contractor called SyTech. The group claiming to be behind the hack, called 0v1ruS, said it hacked the contractor July 13, compromising SyTech’s Active Directory server. That gave it access to the company’s entire information technology network, including an instance of the software development tool Jira, according to ZDNet.

In the process, the hackers also defaced the SyTech site to show a “yoba-face” (pictured) as proof that they had infiltrated the company. A website defacement proves little on its own, however; the stolen files are another matter. They have since been leaked to BBC Russia and other hacking groups.

Leading that pack was a project called Nautilus-S that had been designed to deanonymize Tor traffic and create a database of Tor users and devices. Tor is a free overlay network consisting of relays that conceal a user’s location and usage from network surveillance and traffic analysis. The network is popular with activists because it bypasses censorship as well as hiding the identity of those using the network, much to the disdain of some governments.

The project is said to have started in 2012 before being put to use in 2014. That’s the same year researchers in Sweden discovered 25 malicious Tor relays linked to Russia.

According to the leaked data, a project simply called Nautilus was developed between 2009 and 2010 to collect information on social networks such as Facebook and LinkedIn. Mentor, a project being developed for Russian military unit No. 71330, is said to have been designed to monitor email for phrases. Another project called Reward was designed to penetrate and perform covert operations on peer-to-peer networks such as BitTorrent and Jabber.

A notable project detailed in the stolen data called Nadezhda was designed to visualize how Russia connects to the rest of the internet as part of a proposal for Russia to establish its own “sovereign internet” separate from the rest of the world. Russia passed a law in May that would allow agencies to do exactly that, complete with an alternative domain name system.

SyTech has not responded publicly to the claims and has shut its website down. The Twitter account for the 0v1ruS hacking group, which shared some details of the hack, has also been shut down, though only within the last 24 hours. It’s not clear whether Twitter nixed the account or the group itself pulled the plug.

Image: 0v1ruS
