Hackers invaded the Russian Federal Security Service (FSB) server, and they obtained 7.5TB of data from SyTech, a contractor for FSB. Intruders have revealed dozens of data related to non-public Internet projects, such as how Russia deanonymizing Tor traffic, collects information about social network users and isolates Russian Internet services from the rest of the world.
The attack was launched on July 13, 2019, by an unknown hacker organization, 0v1ru$, who recently created a Twitter account and posted a screenshot of the folder belonging to the compromised computer. In the different pictures they posted on Twitter, one picture shows the total amount of information is 7.5TB. During the attack, the hacker also used a “Yoba-face” to destroy the company’s website, which is a popular emoji by Russian users.
According to Russian media reports, these documents indicate that since 2009, SyTech has conducted several projects for FSB and its peer contractor Quantum. The project includes:
- Nautilus – a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Nautilus-S – a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Reward – a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor – a project to monitor and search email communications on the servers of Russian companies.
- Hope – a project to investigate the topology of the Russian internet and how it connects to other countries’ network.
- Tax-3 – a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.
Other documents show that there are other older projects used to study other network protocols such as Jabber, ED2K (eDonkey) and OpenFT (Enterprise File Transfer). The hacked SyTech company has closed its website and refused media interviews since the hack.