The Russian ICC (XI): The intelligence ecosystem. Companies

When we talk about the relationship of Russian services with companies in the country, it is necessary to emphasize that these services are not interested in any type of organization, only those that can give coverage to the service or those that allow them to control, to a greater or lesser extent, a field of interest for Russia’s national interests – usually strategic companies for the nation – natural resources (gas and oil in particular), media, state monopolies created after the dismemberment of the USSR … As a curious fact in relation to state control in some areas, Russian law identifies strategic sectors or companies and it is the Russian law itself that defines how to invest in them, including foreign investment in these companies: foreign companies are prohibited from owning a strategic Russian company, unless expressly approved by the President.

Perhaps the most famous case of an apparently controlled company – or at least a high degree of penetration – by Russian services has been that of Aeroflot, the Russian airlines. From the KGB to our days such was the control of the intelligence services that commercial flights of the company have been used hypothetically for forced repatriations of Russian citizens or even for the trafficking of biological weapons. In 1996, 3,000 of its 14,000 employees were associated with Russian services, a situation that is denounced by the new President of the company, who even claimed that these services pay the salary of its personnel in the company; it goes without saying that he ends up in jail.

Of course, Russian services today have a lot of interest in technological companies (an interest that does not replace the one they have in more classic companies, but adds to it). From companies close to the content (those who have the information) such as Mail.RU or VKontakte, to large telecommunications operators such as Rostelecom or TransTelecom (information carriers), security companies such as Group IB (which owns the first Russian private CERT), RTEC (Russian Telecom Equipment Company, specializing in the development of secure communications technologies) or Kaspersky, the largest Russian security company (of which it must be said that it produces excellent technical APT reports).

A well-known case of control (pardon, collaboration) of a company by Russian services occurs in December 2013, when the FSB requests data from Ukrainian users to Pavel Durov, founder and CEO of VKontakte. (In the image we can see this request). And is that VKontakte, the “Russian Facebook”, is not only Russian: it has millions of users from former Soviet republics, which makes it an unbeatable source of data for Russian services. This request motivates Pavel Durov to leave the management of the social network, sell his part of the company and leave Russia, Mail.RU moving on to take control of VKontakte in September 2014.

a b

Despite cases such as that of VKontakte, certainly the highest level of control over technology companies in Russia occurs over telecommunications providers (telephone, Internet …); such suppliers are required to provide “standard” access to the FSB for both the communications and internal documents of the companies through SORM (Systema Operativno-Razisknikh Meropriatiy). SORM can be translated from the Russian as “system for operational measures of search in communications”, knowing that ORM (“operative measures of search”, is the friendly definition of interception ([1]) and is a set of regulations and, above all, of technological equipment, of application in the suppliers, which provides the FSB and other services with a simple mechanism to listen to communications, avoiding any judicial authorization. A physical device is deployed in the infrastructure of the communications provider and connected by a specially protected cable to FSB operations centers. From that moment, the service can access the communications and systems without any control by the provider – which despite paying out of pocket the equipment does not have access to it – and, of course, without any court order (at least a priori).

SORM was initially developed in 1996 and currently has three basic capabilities: SORM-I, for the interception of fixed and mobile telephone communications, SORM-II (1998), for the interception of network traffic (Internet) and SORM- III (2014), which provides the capacity to acquire all types of communications and data storage and intercepted metadata, with a high retention period. These systems are responsible for acquiring all relevant information from Russian communications and facilitating access to this data not only to the FSB, but also to different security or intelligence agencies in the country.

In summary, the collaboration, whether voluntary or not (“no one says NO to the FSB”), of some companies with Russian services is theoretically high, as is the degree of penetration of these services into the Russian business fabric with two objectives: Control and coverage. And today the technology can contribute much in both directions. Beware, nothing new or exclusive about the ecosystem of this country: we will speak some day of the CIA and some American airlines, or the NSA and ERROR: EOT. Connection closed.

[1] Andrei Soldatov. Russia’s communications interception practices (SORM). Agentura.RU. January, 2014.

See also in: