A WikiLeaks Russia Dump Reveals Just Enough—But Not Too Much

Credit to Author: Lily Hay Newman| Date: Wed, 20 Sep 2017 15:56:37 +0000

At this point, it’s commonplace for US government power dealings, investigations, and surveillance tactics to come to light, whether from leaks or whistleblowers. But a new release from WikiLeaks pivoted the focus to Russia, offering a look at some technical aspects of how Moscow spies on its citizens online.

Much of the information in the dump was already publicly available; the release wasn’t exactly the type of radical secret-sharing WikiLeaks typically engages in. And security and privacy analysts agree that the documents support, rather than expand, the existing picture of how Russian surveillance works. But with oppressive surveillance and censorship posing an increasingly grim human-rights threat in Russia, experts caution against writing the release off altogether.

“It doesn’t solve the problem that we know very few things about what’s going on on the side of the FSB," says Andrei Soldatov, a Russian journalist who specializes in investigating digital surveillance and Russian government intelligence like the Federal Security Service. "But nevertheless I decided that I need to praise this release, because it’s more than nothing. At least we got some hint about the data exchange interface between telecoms and secret services.”

The 35 documents in the WikiLeaks “Spy Files Russia” dump pertain to a St. Petersburg-based company known as Peter-Service, a software and technology vendor that apparently contracts on Russian government surveillance projects. Many of the documents describe how Peter-Service participates in Russia’s digital surveillance operation,known as System for Operative Investigative Activities (SORM). Specifically, the release includes information on how the company works with state agencies to collect and share mobile data.

“A lot of people try to uncover things about SORM,” Soldatov says. “So any new technicalities are good. There is some surveillance equipment which is installed on the premises of telecoms and ISPs, which is pretty well described because it’s produced by commercial companies. We know pretty much all about those things. What is a big mystery is what’s going on on the end of the FSB, not just in Moscow, but in every Russian town, because every local branch of the FSB has this equipment and is connected to the local ISPs.”

The WikiLeaks documents reinforce a bigger picture of modern Russian surveillance that combines technical mechanisms with legislative pressure. Whereas a country like China uses elaborate technological solutions first and foremost (the Great Firewall) to restrict access to information, Russia employs a more hybrid approach. There are virtually no legal checks on state surveillance, and everyone from individuals to large companies like Peter-Service are vulnerable to legal threats and intimidation.

“One tactic that the Russian government often employs is passing laws that are very hard to comply with in practice,” says Adrian Shahbaz, research manager of the annual “Freedom on the Net” international analysis at the human rights group Freedom House. “It has a coercive effect on companies because the Russian government can say ‘you are in violation of this law’ and coerce companies into being complicit in undermining the privacy of their users.”

Russia observers also note the importance of considering Wikileaks’ motivations in publishing this release. The group has faced mounting criticism over its leaks during the 2016 US presidential campaign, which supported and furthered ongoing Russian intelligence meddling. WikiLeaks claims coincidence, but the group subsequently published leaked data as Russian operatives worked to manipulate the French presidential election this spring.

That leads some to suggest that the “Spy Files Russia” dump is actually just an approved release direct from the Russian government, meant to defray criticism that WikiLeaks collusion.

“These are tricks that the Russians were willing to give up,” says James Andrew Lewis, a senior vice president at the Center for Strategic and International Studies, who formerly worked as a Foreign Service officer and an information security rapporteur for the United Nations. “I actually thought it was a bit slow and belated. They probably had to get FSB clearance to release anything and that may have taken a while. Think of it as vaudeville for leakers.”

Whether the Russian government was directly involved in the leak, analysts and human rights advocates are taking advantage of what it can tell them as they work to further investigate and expose Russia’s surveillance regime. “The information in the leaks doesn’t change what we already know about Russia’s surveillance practices, but it gives us interesting technical details on how they actually implement the surveillance regime,” says Rose Dlougatch of Freedom House.

The question now becomes if WikiLeaks releases more from Russia. After all, even strategic leaks reveal something.

https://www.wired.com/category/security/feed/