An article in the New York Times examines new Internet and cellphone traffic surveillance tools being developed in Russia.
As the war in Ukraine unfolded last year, Russia’s best digital spies turned to new tools to fight an enemy on another front: those inside its own borders who opposed the war.
To aid an internal crackdown, Russian authorities had amassed an arsenal of technologies to track the online lives of citizens. After it invaded Ukraine, its demand grew for more surveillance tools. That helped stoke a cottage industry of tech contractors, which built products that have become a powerful — and novel — means of digital surveillance.
The technologies have given the police and Russia’s Federal Security Service, better known as the F.S.B., access to a buffet of snooping capabilities focused on the day-to-day use of phones and websites. The tools offer ways to track certain kinds of activity on encrypted apps like WhatsApp and Signal, monitor the locations of phones, identify anonymous social media users and break into people’s accounts, according to documents from Russian surveillance providers obtained by The New York Times, as well as security experts, digital activists and a person involved with the country’s digital surveillance operations.
There's much more at the link (which takes you to an archived, non-paywalled version of the article).
The thing to remember is that Russia is actually behind the curve with respect to such tools. The USA, China and Israel (and probably other nations as well) are far ahead of them, having been doing this for literally decades. What's more, these countries often sell and/or share their technology with each other, because it's in Big Brother's interest to help other Big Brothers keep an eye on their more troublesome citizens, so they can tell each other of interesting developments. Whether left-wing or right-wing, Big Brothers dislike dissent, and their operatives help each other more than you'd believe.
(I had personal experience of this, in a much more technologically limited way, back in South Africa in the 1970's. I remember a fairly large room in a major underground command center that was filled with dozens upon dozens of double-banked teleprinters, each connected through dedicated, permanent circuits to a defense command or intelligence center in another country. The whole of NATO was represented, plus others. This was at a time when a mandatory international arms embargo was in place against South Africa, and formal contact between those nations' armed forces and South Africa's military was strictly verboten - but that didn't stop it happening on a daily basis. The "powers that be", even nominal enemies [some of them actually shooting at each other at the time], nevertheless recognized each other's importance and talked to each other as a matter of routine. Most politicians probably never knew such communications existed - or, if they did, they were careful never to take official notice of it. The same sort of cooperation is doubtless ongoing to this day, albeit technologically far more advanced and much more intrusive in every sphere, not just military.)
As we've said many times before in these pages, you have no electronic privacy whatsoever, no matter what the laws in your country may say. Every word you say or type on an electronic network is monitored, recorded and analyzed, even if only as part of broader traffic analysis. If you're classified as one who does not "toe the Party line", you can expect that surveillance to be considerably more intensive. Even if you're using so-called "secure" apps like Signal, I'm quite sure that someone, somewhere, can decrypt and read your messages at will, if you come to their notice as being worthy of the investment in time and effort it will take. For organizations like the NSA, there probably needn't be a human in the decision loop at all: it'll be an artificial intelligence system that scans all the data they gather, looks for key words or locations or traffic patterns, and scans deeper whenever it thinks it might be fruitful.
Peter
The number of people in my circle of acquaintances that tell me I'm "paranoid", that "they can't really track your cellphone with any real accuracy, that's all Hollywood", and that "our government wouldn't do it if they could anyways" would depress me if I wasn't a pessimist to begin with.
ReplyDeleteThe fact they hold to all those positions when I pointed out my JOB in the military directly related to doing similar things overseas, with only a "well, those were enemies, they wouldn't do it to Americans" acknowledgement made me downgrade what I assumed average level of intelligence was.
Oddly, I see no comments.
ReplyDeleteVery well, I'll be the first commenter: no comment.
Peter: your description of the comm center is interesting. Did anyone have first-hand knowledge of the goings-on, or was it 2nd, 3rd, whatever?
I am undoubtedly on a list.
ReplyDeleteI used to run a Mixmaster node in the early 2000's. An encrypted anonymous email relay, for the non geeks.
@Robert: I worked in that complex for the best part of a year. To call it "interesting" was an understatement.
ReplyDeleteBut....but ....but, NYT told us ALL the young, liberal high tech kinda folks left Russia (Russia! Russia! Russia!) after the absorption of Crimea in 2014 and they said it AGAIN following the Feb 2022 operations.
ReplyDeleteThose young "hip" kids fled to the West because....Putin BAD.
So who's building that surveillance network.
Someone.....anyone....Call a nurse (you know who!) I think something's broken at NYT
Russia may or may not be behind the curve in cyber surveillance but they are still the undisputed masters of human intelligence gathering...espionage. Something the US has never been great at due to over reliance in signal intelligence. Seems both Russia and China have had little trouble at finding people willing to give them information for a price.
ReplyDeleteHeck, they aren’t getting just information. A goodly number of our fearless leaders are bought and paid for as well as compromised. Why settle for just info when you can pull their strings and make them dance?
DeleteCoelacanth
So there are spies and hackers galore. WHAT matters to Me is the USSA Feral Gub-Mint.... that is "supposedly" "Constitutional". Obviously It Isn't, but these Ferals live HERE. Putin and Xi are problems for Russians and Chinese People to handle. Are the American PEOPLE going to Handle "Our Own" Ferals ???
ReplyDeleteDuring a security briefing my a tetired FBI manager two weeks ago, he said they CANNOT break 256-bit encryption as used by Signal. So instead, they get people to infiltrate groups, play along, and get into the signal chats, so they get the comms that way...
ReplyDelete@Capitalist Eric: Don't you believe it! The NSA has supercomputers capable of breaking any and every code and cipher currently in use. It may not happen immediately; they may take a few weeks to decrypt something, and they'll only do that if they think it's important - but the fact that they can do it is not in doubt. For "ordinary people" like you and I, I doubt they'll bother. However, if we end up on some list of potentially important targets . . .
ReplyDeleteAlso, bear in mind they may not need to break encryption at all. If they can insert a "back door" into an app like Signal, they can read the message as it's typed in, before it's encrypted, or after it's decrypted and is being read by its recipient. Such backdoors are common methods of rendering a "secure" protocol less so.
The only impenetrable encryption technology currently known to exist requires quantum computers. Those are at present only a theory, although major progress has been made to make them work. Once they reach that stage, decryption will be essentially impossible.
One-time pads are also unbreakable by known means short of a black-bag job on one end of the communications. Assuming you've got a valid random number source, that is. Not computer-generated, but cosmic background radiation will do nicely. Distribution of pads and keeping them secure is the hard part, but if that's done properly, nothing but traffic analysis can be done.
ReplyDelete