09 October 2013

Russia's Sochi Games: if there, you better keep shtum

It looks like the upcoming Winter Olympics might provide more work to Edward Snowden. This time, as it follows from a very detailed Agentura.ru article Surveillance at the Sochi Olympics 2014, the object of Snowdens' incisive analysis and subsequent whistleblowing should be the Russian FSB.

Not that there is much difference in the goals pursued by NSA and FSB. Both outfits see the rivers of information flowing out there, both are frothing at the mouth and chafing at the bit, thinking about all that treasure being available. And you already know something of what NSA is doing about it. There is, however, a significant difference in the way the other guys are doing it, compared with relatively humble and self-conscious NSA. They start from the same techno-thrilling roots:

SORM’s tactical and technical foundations were developed by a KGB research institute in the mid-1980s, and recent technological advances have updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations.
But then the similarity starts to fray at the edges:
In most Western nations, law enforcement or intelligence agencies must receive a court order before wiretapping (in the UK a warrant signed by a Secretary of State, usually the Home Secretary). That warrant is sent to phone operators and Internet providers, which are then required to intercept the requested information and forward it to the respective government agencies. In Russia, FSB officers are also required to obtain a court order to eavesdrop, but once they have it, they are not obliged to show it to anybody except their superiors in the FSB.
Telecom providers have no right to demand that the FSB show them the warrant.
The providers are required to pay for the SORM equipment and its installation, but they are denied access to the surveillance boxes.
Hilarious, ain't it? And more:
The FSB does not even need to contact the ISP’s staff; instead the security service calls on the special controller at the FSB HQ that is connected by a protected cable directly to the SORM device installed on the ISP network.
If you desire more info on the technical side:
What was not so widely announced is that by April 2011 most of telecom equipment suppliers to Russia modified their WiFi equipment according to new Russian rules introduced by the FSB. According to the rules, all means of encryption in the wireless controllers should be disabled, if sent to wired network segments. It means customers could use wireless encryption in public to secure their communications against casual eavesdropping by hackers but the FSB would still be able to intercept the traffic.
What it means for the Sochi visitors, in short, is that if you rely on your provider's server for encryption of the info you send from your laptop, smartphone etc., your information is wide open to the FSB peepers. Not that there aren't other, even more sophisticated means to get to your secrets, but let's leave it for experts to tell.

So, if you are in Sochi this winter, better avoid forwarding your critical impressions to your friends in the West via phone, Internet and any other means of communications. Unless you are a CIA agent, equipped by a latest and most sophisticated in satellite phones and encryption and... whatever words they use in these thrillers.

Well, back to Mr Snowden: seeing as he is currently unemployed (?) and has some free time to spare, I would suggest that he use some of that time to fight for freedom of Sochi Olympics from his accommodating hosts of FSB. Let's see where it gets him...

More on the subject from the same source: NSA Is No Match for the FSB.

On a related subject: video surveillance, which has more to do with the physical security of the games, I am proud to learn that:
Surveillance analysis equipment provided by the Israeili company NICE Systems. In September 2012 NICE announced that the city of Sochi got the complete NICE Surveillance portfolio as part of «Safe Sochi» initiative.
The pride is tempered, though, by my understanding that video surveillance could be used for nefarious purposes as well. On the other hand, you can't make an omelet and all that crap... good for NICE, anyway.