Hackers breach FSB contractor, expose Tor deanonymization, etc

Nolan Bell

Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency – including one for deanonymizing Tor traffic.

The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance.

Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling."

Hackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor.

FSB's secret projects

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects for FSB unit 71330 and for fellow contractor Quantum. Projects include:

Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

Reward - a project to covertly penetrate P2P networks, like the one used for torrents.

Mentor - a project to monitor and search email communications on the servers of Russian companies.

Hope - a project to investigate the topology of the Russian internet and how it connects to other countries' networks.

Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.

BBC Russia, who received the full trove of documents, claims there were other older projects for researching other network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer).

Other files posted on the Digital Revolution Twitter account claimed that the FSB was also tracking students and pensioners.

Some projects came to be, were tested

But while most of the projects look to be just research into modern technology – which all intelligence services carry out – there are two that appear to have been tested in the real world.

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

Researchers identified 25 malicious servers, 18 of which were located in Russia and running Tor version 0.2.2.37, the same one detailed in the leaked files.

The second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the internet.

Earlier this year, Russia ran tests during which it disconnected its national segment from the rest of the internet.

SyTech, the hacked company, has taken down its website since the hack and refused media inquiries.



Gabriel Perez

>Some projects came to be, were tested
>But while most of the projects look to be just research into modern technology – which all intelligence services carry out – there are two that appear to have been tested in the real world.
>The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.
>Researchers identified 25 malicious servers, 18 of which were located in Russia and running Tor version 0.2.2.37, the same one detailed in the leaked files.

zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/

David Walker

lol @ them for using windows

Eli Long

absolutely cancerous spacing that's impossible to read
you ruineded this thread, op.

Xavier Jackson

>you ruineded this thread, op.
you ruined this thread user
learn to spell and not be a triggered idiot and one more word of advice...don't breed

Kevin Parker

No need to worry too much guys. The vulns referred to in the OP were known and the hostile nodes were marked as rogue by the directory servers so clients wouldn't try to connect to them.

Brandon Carter

If it isn't a wall of text it won't be read.

James Bennett

please keep using tor

Gno.

Grayson Davis

>marked as rogue
how?

Aiden Miller

The directory server flips a "don't send out this node to clients" variable and as they don't send the node IP to the clients, none of the clients connect to it. They're listed here torstatus.blutmagie.de/
Just sort by "bad exit".
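As an added illustration (not code from the thread or from the Tor project), the snippet below parses a few constructed consensus-style relay entries in the "r"/"s"/"v" line layout Tor directory authorities publish and shows how a client-side selection skips any relay carrying the BadExit flag when choosing an exit. The nicknames, fingerprints, addresses and dates are made up for the example; only the flag semantics and line layout follow the real consensus format.

```python
"""Parse Tor consensus-style router entries and exclude BadExit relays
from exit selection.  The sample entries are constructed for this
example; nicknames, identity/digest fields and addresses are not real."""
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample in the "r" / "s" / "v" line layout of a Tor
# network-status consensus (identity and digest columns are placeholders).
SAMPLE_CONSENSUS = """\
r goodexit1 AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2019-07-20 10:00:00 198.51.100.10 9001 9030
s Exit Fast Running Stable Valid
v Tor 0.4.1.3
r sniffer01 CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2019-07-20 10:00:00 203.0.113.7 443 80
s BadExit Exit Fast Running Valid
v Tor 0.2.2.37
r middleonly EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2019-07-20 10:00:00 192.0.2.55 9001 0
s Fast Guard Running Stable Valid
v Tor 0.4.0.5
"""

@dataclass
class Relay:
    nickname: str
    address: str
    or_port: int
    flags: Set[str] = field(default_factory=set)
    version: str = ""

def parse_consensus(text: str) -> List[Relay]:
    """Turn r/s/v lines into Relay records; other line types are ignored."""
    relays: List[Relay] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            # r nickname identity digest date time IP ORPort DirPort
            relays.append(Relay(nickname=parts[1], address=parts[6], or_port=int(parts[7])))
        elif parts[0] == "s" and relays:
            relays[-1].flags = set(parts[1:])   # flags voted by the authorities
        elif parts[0] == "v" and relays:
            relays[-1].version = " ".join(parts[1:])
    return relays

def usable_exits(relays: List[Relay]) -> List[str]:
    """Exits a client may pick: Exit flag present, BadExit absent."""
    return [r.nickname for r in relays if "Exit" in r.flags and "BadExit" not in r.flags]

def flagged_bad_exits(relays: List[Relay]):
    """What an operator sees when sorting a relay list by the BadExit flag."""
    return [(r.nickname, r.address, r.version) for r in relays if "BadExit" in r.flags]
```

Note that a BadExit relay stays in the consensus and may still be used in non-exit positions; the flag only removes it from exit selection.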

John Sanders

yeah, that's trivial stuff.
How did they know these were rogue servers, and how long did it take them to notice?
That's what matters for privacy. You're not going to be pleased that the relay that deanonymized you got shut down the day after you got black bagged.

Daniel Gray

Anyone know where the 7.5TB dump is?

Anthony Jones

You ruined this thread, user. Learn proper punctuation and grammar, the correct use of the ellipsis, and to not be a triggered idiot. One more word of advice: don't breed.

Christopher Wood

My response was kinda tongue in cheek. I've been saying behind the scenes that Tor is partially run by US intelligence, but it still is much, much better than browsing naked. For the most part you can protect against bad exit attacks by configuring HTTPS Everywhere to block unencrypted connections.
Bad exits are known from around 2010 apparently trac.torproject.org/projects/tor/wiki/doc/badRelays
I wasn't able to find any data on how fast bad exit nodes are found. Probably nobody has done an analysis on that.
I remember reading about automated bad exit node probing but I haven't been able to find anything on that either, so maybe they're just added manually.

Adam Miller

i wish that there was a way to mass hide here like you can on 4chan with the addon. one hidden troll post then hides all replies to it too.

Colton Rodriguez

Consider the following:
online articles claim that many analysis attacks on Tor require both endpoints [the first and exit nodes] to be compromised. i cannot say whether an exit<---MITM--->destination attack will suffice, but assuming the exit node must be compromised,
the us and russian intelligence agencies are hostile
a tor relay beginning in the us and ending in a russian run node prevents either from performing successful analysis
competition keeps us safe from monopoly.
hail Eris

Eli Nelson

Like your wish to someday lose your virginity--the times your stepdad used your ass as a pussy when your mom was out of town or wouldn't put out don't count--this wish will probably remain unfulfilled. The mongrel Flip who runs this place can barely keep it functioning. I don't see many user-centric new features on the horizon.

Maybe you should just be less of a whiny bitch instead.

Lincoln Fisher

US intelligence can buy servers in russia. Russian intelligence can buy servers in the US.

Dylan King

So true. And Cloudflare sells data to all intelligence services willing to pay.

Connor Price

begging for a 4cuck feature
hmmm

Luis Bailey

that one is so overused that it has no effect anymore. i wish that these kids would at least try to put some effort in their shitposts.


Bentley Powell

>lol @ them for using windows
That's how you know they are professionals and not open sores GRIDS patients.

Adrian Gonzalez

If they're so professional, why did they get hacked? They could have been running their own custom OS on a russian OpenSPARC platform. Then the script kiddies would have been btfo.