As the war in Ukraine unfolded last year, Russia’s best digital spies turned to new tools to counter enemies on another front: those opposing the war inside Russia.
To aid in the internal crackdown, Russian authorities have amassed an array of technologies to track citizens’ online lives. After invading Ukraine, its demand for more surveillance tools grew. This has spurred a cottage industry of technology contractors producing products that have become a powerful and novel means of digital surveillance.
These techniques have given the police and Russia’s Federal Security Service, better known as the FSB, access to a range of snooping capabilities targeting the daily use of phones and websites. The tools provide ways to track certain types of activity on encrypted apps like WhatsApp and Signal, monitor the location of phones, identify anonymous social media users and hack into people’s accounts, according to documents from Russian surveillance providers obtained by The New York Times. As well as security experts, digital activists and those involved in the country’s digital surveillance operations.
Russian President Vladimir V. Putin ( Vladimir V. Putin relies more on technology to wield political power. In doing so, Russia — which once lagged authoritarian regimes like China and Iran in using modern technology to exert control — is quickly catching up.
“It makes people very paranoid, because if you communicate with anyone in Russia, you can’t be sure that it’s safe. They’re very actively monitoring the traffic,” said Alina Poe, a Russian opposition politician and digital rights activist. Alena Popova said. “It used to be only for activists. Now they’ve extended it to anyone who doesn’t agree with the war.”
The effort has provided funding to a group of relatively unknown Russian tech companies.Many businesses are owned by the Citadel group, which was once partly controlled by Alisher Usmanov, who was targeted by the EU sanctions As one of Mr. Putin’s “favorite oligarchs”. Some companies are trying to expand abroad, raising the risk that the technologies won’t stay on Russian soil.
These companies — such as MFI Soft, Vas Experts and Protei — typically start by building pieces of Russia’s intrusive telecom-tapping system, before moving on to produce more advanced tools for the country’s intelligence services.
According to the documents, which include engineering schematics, emails and screenshots, easy-to-use software that plugs directly into telecommunications infrastructure now offers a Swiss army knife of espionage possibilities. The New York Times obtained hundreds of documents from a person with access to internal records, about 40 of which detail the surveillance tools.
One program outlined in the materials recognizes when people make voice calls or send files through encrypted chat apps such as Telegram, Signal and WhatsApp. The software can’t intercept specific messages, but it can determine whether someone uses multiple phones, track communications with others to map their network of relationships, and triangulate phones in specific locations on specific days. Another product can harvest passwords entered on unencrypted websites.
The technologies complement other Russian efforts to shape public opinion and suppress dissent, such as a propaganda blitz against state media, tighter internet censorship and new initiatives to collect data on citizens and encourage them to report social media posts that undermine the war.
They provide a ready-made toolkit for dictators looking to control speech and behavior online. A document outlining the capabilities of various technology providers referred to a “wiretapping market,” a supply chain of equipment and software that pushes the limits of digital mass surveillance.
Adrian Shahbaz, vice president of research and analysis at Freedom House, a democracy advocacy group, said the authorities were “essentially incubating a new breed of Russian companies that were driven by state repression.” arising out of sexual interests”. oppression. “The spillover effects will be felt first to the surrounding region and then potentially to the whole world.”
Beyond the “tapping market”
For the past two decades, Russian leaders have struggled to control the internet. To get around this, they ordered the system to eavesdrop on phone calls and unencrypted text messages. They then require internet service providers to store records of all internet traffic.
The ever-expanding program — formally known as the System of Operational Investigative Activities (SORM) — is an imperfect means of surveillance. Telecommunications providers in Russia often install and update technology incompletely, meaning the systems don’t always work properly. The influx of data can be huge and unusable.
At first, the technology was used against political opponents, such as supporters of jailed opposition leader Aleksei A. Navalny. Digital rights experts say demand for these tools has increased following the Ukraine invasion. Russian authorities sought more help from local tech companies that built the old surveillance system.
The move has benefited companies such as Citadel, which has acquired many of Russia’s largest makers of digital bugging equipment and controls about 60% to 80% of the market for telecommunications surveillance technology, according to the State Department.United States announced Sanctions against Citadel and its current owner, Anton Cherepennikov, In February.
“Military and communications-related sectors are now receiving a lot of funding to adapt to new demands,” said Ksenia Ermoshina, a senior research fellow at the Citizen Lab Research Russian Surveillance Corporation, a research arm at the University of Toronto. “
These new technologies have given Russian security services greater insight into the internet. A chart shows that a tracking system from Citadel subsidiary MFI Soft helps display information on telecom subscribers and a statistical breakdown of their Internet traffic on a dedicated dashboard for use by regional FSB officials.
Another MFI Soft tool, NetBeholder, can map the positions of two mobile phones during the day to discern if they meet at the same time, indicating a possible meeting between people.
Another feature uses location tracking to check whether multiple phones are frequently in the same area, inferring whether someone is likely to use two or more phones. With full access to telecommunications network user information, NetBeholder’s system can also find out which region of Russia each user comes from or which country a foreigner comes from.
Another company, Protei, offers a product that provides speech-to-text transcription of intercepted calls, as well as tools to identify “suspicious behavior,” according to a document.
Ms Elmoshner said Russia’s sprawling data collection and new tools made up a “killer combination”, adding that such capabilities were becoming more common across the country.
Citadel and Protei did not respond to requests for comment. A spokesman for Mr Usmanov said he had “not been involved in any management decision over the years” involving parent company USM, which owns Citadel until 2022. Mr. Usmanov, who owns 49 percent of USM, sold Citadel because surveillance technology was never in the company’s “sphere of interest,” the spokesman said.
Demand for its tools has increased “due to the complex geopolitical situation” and the number of threats in Russia, the VAS expert said. The company said it “develops telecommunications products, including tools for lawful interception, for Russian FSB officers to fight terrorism,” adding that if the technology “can save at least one life and the well-being of the people, then our work There is a reason.” “
no way to hide
As authorities clamp down, some citizens have begun using encrypted messaging apps to communicate. However, security services also found a way to track those conversations, according to documents reviewed by The Times.
A feature of NetBeholder takes advantage of a technique called deep packet inspection, which is used by telecom service providers to analyze where their traffic is going. Similar to mapping the flow of water in a stream, the software cannot intercept message content, but it can identify which data is going where.
That means it can pinpoint when someone is sending a file or making a voice call through encrypted apps like WhatsApp, Signal or Telegram. This enables the FSB to access important metadata, which is general information about communications such as who is talking to whom, when and where, and whether a file was attached to the message.
In the past, to obtain such information, the government had to ask the makers of apps such as Meta, which owns WhatsApp. Those companies then decide whether to offer it.
These new tools have alarmed security experts and makers of encryption services. Security experts said that while many knew such products were theoretically possible, they were unaware that they were now being made by Russian contractors.
Some encrypted apps and other surveillance techniques have already begun to spread outside of Russia. Marketing documents show that the product is being sold in Eastern Europe, Central Asia, Africa, the Middle East and South America. in january, Citizen Lab An Iranian telecommunications company used Protei equipment to log internet usage and block websites, the report said. Ms Yermoshna said the systems were also present in Russian-occupied areas of Ukraine.
For the makers of Signal, Telegram and WhatsApp, there are few defenses against such tracking. That’s because authorities are taking data from internet service providers through a bird’s-eye view of the network. Encryption can mask the sharing of specific messages, but not the exchanged records.
“Signal was not designed to hide the fact that you are using Signal from your own Internet service provider,” Signal Foundation President Meredith Whittaker said in a statement. People concerned about this type of tracking use the ability to send traffic through different servers to obfuscate its origin and destination.
Telegram, which does not encrypt all messages by default, also said in a statement that it could do nothing to block traffic to and from the chat app, but said people could use the feature it created to make Telegram traffic harder to identify and track. In a statement, WhatsApp said the surveillance tools “posed an urgent threat to the privacy of people around the world” and would continue to protect private conversations.
New tools could change best practices for those looking to cover up their online behavior. In Russia, digital exchanges between suspects and others could lead to deeper investigations and even arrests, people familiar with the matter said.
Shahbaz, a Freedom House researcher, said he expected Russian companies to eventually become competitors to suppliers of the usual surveillance tools.
“China is the pinnacle of digital authoritarianism,” he said. “But Russia has been working together to reform the country’s internet regulations to make them more similar to China. Russia will become a competitor to Chinese companies.”