A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online. After posting tweets taunting the Russian government, Digital Revolution exposed 170Mb of files relating to secret projects on a file-sharing server.
The files were reportedly stolen from SyTech, a contractor working for the Federal Security Service (FSB), Russia’s primary security agency and the successor to the Soviet KGB. BBC Russia reported on Friday that the hackers had taken 7.5TB of data on projects SyTech developed for the Russian government.
Most of SyTech’s work was conducted for Russian military unit 71330, according to the BBC report. This group handles signals intelligence as part of the FSB.
Projects reportedly detailed in the 7.5TB cache include Nautilus, a software product designed to scrape social networks including Facebook and LinkedIn for information on users. Another, called Nautilus-C, investigated the potential to deanonymize Tor, the onion routing network commonly used to surf the web anonymously and to access a dark web of anonymous sites.
The Nautilus-C project, begun in 2012, suggested populating the community of Tor relays with malicious servers that could intercept traffic and also serve up fake content. In 2014, Swedish researchers wrote about an active project to mount man-in-the-middle attacks using malicious relays and found several Tor relays using the same root certificate operating on a single Russian netblock.
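The 2014 finding described above, malicious relays that all present the same root certificate and sit in one netblock, is the kind of pattern a relay-monitoring script can surface. The following is an added illustration written for this article, not code from the Swedish researchers, SyTech or the Tor Project: it takes a constructed list of relay records (nickname, IP address, fingerprint of the certificate the relay presents; the field names and the /24 netblock heuristic are assumptions) and reports clusters of relays that share a certificate, noting whether the cluster also collapses into a single netblock.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample relay records (not real Tor relays; RFC 5737 test addresses).
# Each entry: (relay nickname, IP address, fingerprint of the presented certificate).
SAMPLE_RELAYS = [
    ("relayA", "203.0.113.10", "cert-1111"),
    ("relayB", "203.0.113.25", "cert-1111"),
    ("relayC", "203.0.113.77", "cert-1111"),
    ("relayD", "198.51.100.5", "cert-2222"),
    ("relayE", "192.0.2.9",    "cert-3333"),
    ("relayF", "192.0.2.200",  "cert-4444"),
]


def netblock(ip: str, prefix: int = 24) -> str:
    """Return the network (e.g. 203.0.113.0/24) containing ip.

    The prefix length is a tunable heuristic, not a Tor rule; /24 is assumed here.
    """
    return str(ip_network(f"{ip}/{prefix}", strict=False))


def find_shared_cert_clusters(relays, prefix: int = 24, min_size: int = 2):
    """Group relays by the certificate they present and return clusters of
    at least min_size relays.

    Independently operated relays rarely share a certificate, so a shared
    certificate already suggests one operator; a cluster that additionally
    sits in a single netblock is a stronger hint of coordinated relays.
    """
    by_cert = defaultdict(list)
    for nickname, ip, cert in relays:
        by_cert[cert].append((nickname, ip))

    clusters = []
    for cert, members in by_cert.items():
        if len(members) < min_size:
            continue
        blocks = {netblock(ip, prefix) for _, ip in members}
        clusters.append({
            "cert": cert,
            "relays": sorted(nick for nick, _ in members),
            "netblocks": sorted(blocks),
            "single_netblock": len(blocks) == 1,
        })
    # Most suspicious first: single-netblock clusters, then by size.
    clusters.sort(key=lambda c: (not c["single_netblock"], -len(c["relays"])))
    return clusters


if __name__ == "__main__":
    for cluster in find_shared_cert_clusters(SAMPLE_RELAYS):
        flag = "SINGLE NETBLOCK" if cluster["single_netblock"] else "spread"
        print(f"{cluster['cert']}: {cluster['relays']} in {cluster['netblocks']} ({flag})")
```

Run against real data, the relay list would be built from published Tor directory information rather than the constructed sample, and the netblock prefix and minimum cluster size would be tuned to the operator's tolerance for false positives; hosting providers legitimately place many unrelated relays in one block, so the shared certificate, not the netblock alone, is what carries the signal.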
The data was reportedly stolen by a hacking group called 0v1ru$. It shared the data with Digital Revolution, which had set up a secure digital drop on 2 May. Digital Revolution sent the data to BBC Russia and also posted the following message on 17 July, along with what appear to be screengrabs of documents from the leak:
[Translated from Russian] All of us, journalists, students and even pensioners, are under FSB surveillance. Join us, like 0V1ru$, in protecting our future! They will not silence our voices! @tjournal @Dobrokhotov @bbcrussian @unkn0wnerror pic.twitter.com/HUYDas7FSN— DigitalRevolution (@D1G1R3V) July 18, 2019
Then, later that day:
[Translated from Russian] Hey, FSB, how are you getting on with Onslaught-2? Maybe it would be worth renaming the project Colander-1? @Dobrokhotov @RuBlackListNET @leonidvolkov @msvetov @shaveddinov @kozlyuk @RuHackersNews @the_ins_ru @tjournal @kmartynov @bbcrussian pic.twitter.com/RjKCFnXWlT— DigitalRevolution (@D1G1R3V) July 18, 2019
Yesterday, Monday 22 July, the group posted another message on Twitter, offering some of the files for download, along with a message on its website:
Thank you all for your support in our struggle with the Kremlin’s lawlessness. Our movement is growing. We will continue to expose the projects, showing how our government is trying to shove us all under the hood of FSB-related control.
We offer for your attention some documents that were shared with us by the hacker group 0V1ru$. We are very grateful to them – the guys justify our trust.
The 20 folders posted online on Monday included several documents relating to Hope, a project to visualise Russia’s connections to the outside internet, conducted in 2013 and 2014. Another project, Tax-3, focused on the manual removal of selected people’s information from Russia’s Federal Tax Service.