Battles on the topic of anonymity on the Internet have been going on for several years all over the world, and Russian lawmakers are still trying to regulate the Internet. It is very easy to become paranoid if you think about it often. At the request of GQ, journalist Andrei Kaganskikh studied how the state actually follows you, what messengers do officials themselves like (and you should love) and why we are still far from Orwell's world (spoiler: they steal).
It sounds impressive, but you shouldn't be afraid. According to journalist Andrei Soldatov, who wrote a book about SORM with a colleague, the system is too cumbersome to be effective. Security officials prefer pinpoint espionage, and urban legends about searching for threats using keywords remain modern folklore.
As for pinpoint wiretaps, special services can carry out them only with the permission of the court. In 2015 (this is still the most recent statistics), the courts issued 845,631 such permits. Better not to wonder if these statistics include you. You won't know anyway, because such orders, as a rule, never become public.
First of all, the choice of a messenger depends on where the official works. Most government agencies use Telegram. But there are also originals. According to an entrepreneur close to the FSB, there is a group in the Moscow intelligence department that prefers FaceTime to all other messengers. The choice is simple - the application for video calls is also encrypted, the face of the interlocutor is always in sight, and compromising video chats are not saved anywhere.
According to GQ's source in the State Duma, police chiefs allegedly prefer the Signal messenger, which lives on grants and donations. In the parliament itself, the situation is worse - the majority of deputies still prefer meetings in baths and offices to secret chats.
In the Administration of the President of the Russian Federation, information discipline is being monitored more actively. The list of internal requirements in one of the departments, among other things, includes written reporting on social networks (including anonymous accounts) and connections via VPN (Virtual Private Network). VPN technologies allow you to create encrypted connections on the Internet, including encrypted telephone lines. You just need to carefully choose a VPN server or even get your own: after the Yarovaya law, not everyone is suitable, they are now also actively trying to hang SORM on them.
"From the funny thing: microphones, which are usually used for hands-free communication, have been mechanically removed from office equipment," says an employee of the Kremlin apparatus. While you were sleeping, fridges, televisions and camcorders equipped with vulnerable software marched onto the market, making the Internet of Things a reality. In 2016, the first massive DDoS attacks were carried out using household appliances, and WikiLeaks leaks already feature technologies for turning Samsung smart TVs into expensive bugs. In the spring of 2016, Edward Snowden began opening the phone of journalist Shane Smith on the air of the Vice media holding on HBO. After removing the microphones and video cameras, the former NSA official called the device safe, so the technical exercises of Russian officials do not look so paranoid. Sophisticated caution goes hand in hand with traditional apathy. “To be honest, many civil servants are complete laymen. Nobody really organizes their security. In Roskomnadzor, in general, email addresses are on mail.ru - and all protection is reduced to veiled phrases, ”one of the interlocutors complains about his colleagues.
Oddly enough, people from the General Prosecutor's Office can be considered the most advanced in information security issues. Allegedly, prosecutors categorically do not accept documents from flash drives and do not discuss their secrets by e-mail and in popular instant messengers. Moreover, they are not shy about encrypting traffic through TOR - a reliable way to get away from SORM and data interception. “They are also addicted to various mobile anonymization devices. A recent example is a mobile phone with an ever-changing IMEI (international mobile equipment identifier. - Approx.), Which connects to any nearby antenna for transmitting cellular data and, using this network, allows you to make anonymous calls, ”says a source in the State Duma.
Unlike officials, ordinary Russians do not seem to have much longer to use the available phone encryption. Back in the fall of 2016, one of the SORM supplier companies, Con Certeza, was looking for contractors to hack encrypted messengers, but apparently it didn't work out. At the beginning of 2017, a set of new amendments to the law "On Communications" was issued from the pen of the Ministry of Internal Affairs and Roskomnadzor. The main goal is to bring instant messengers under control. According to the idea of the Ministry of Internal Affairs, companies that own messengers should provide security officials with software for identifying users. In case of disobedience, officials expect a repeat of the story with the blocking of LinkedIn in the Russian Google Play and App Store. The siloviki can be understood:
If desired, our special services are able to hack Telegram right now, albeit rudely. For example, by the method of interception by the MTS technical security department of SMS messages with authentication codes. They have a lot to learn from their Western colleagues. According to the latest batch of WikiLeaks documents, the CIA is able to read your secret chats using special viruses. However, they did not manage to break Telegram: the agents used the weaknesses of mobile operating systems, undetected by the developers, and not of individual applications.
In the winter of 2013, Harvard sophomore Eldo Kim used TOR to send a letter to the campus administration, local police department, and the university newspaper from a temporary mailbox on Guerrilla Mail. The letter threatened two bombs placed on campus. There were no explosives at the university, of course, Kim was just trying to dodge the exam. Two days later, the student was caught without any cipher decoding. Having found a trace of the "onion" IP-address in the letter, the feds guessed to check the records on the university's Internet networks for access to the TOR nodes. The negligent student quickly confessed to what he had done. The capture of Kim is a typical example of a correlation attack, when operatives check the timing of an action in TOR and access to the darknet entrance nodes and look for matches.
“If necessary, you can find anyone. All TOR output nodes are listening. Imagine, they are interested in you and listen to your traffic, and you turned on TOR, torrents and from the TOR browser you go to your VKontakte, ”says a young civil servant working in the field of IT analytics. Last year, he talked about safe ways to buy drugs on the darknet while fueling a bong and blowing smoke into the room. Apparently, he strictly follows his own precepts: “There is a set of signs by which you can determine which sites on the external Internet you visited. And these features include, for example, the size of the browser window. If you stretched it and it became non-standard, it will immediately set you apart from millions of people. Accordingly, the more cheeky you behave - the more sites you visit during one session and the more actions you perform, - the more likely to get burnt. But for a simple drug addict, no one will be so worn out. ” These electronic prints are also collected in order to serve contextual advertising to the user. According to the interlocutor of GQ, in special cases, the leaked data from advertising aggregators can be used to de-anonymize darknet users.
More fundamental attempts to establish surveillance of everything and everyone in Russia are failing because of everyday corruption. In February 2013, Integrated Security Technologies (KTB) signed a contract with the Ministry of Internal Affairs for the supply of the Spartan 300 complex for outdoor surveillance cameras installed in Moscow. According to the developers, the system used a neural network that can determine a person's intentions by his facial expressions and behavior. The declared functionality aroused suspicion among everyone, except for employees of the Ministry of Internal Affairs - in fact, the complex turned out to be a contactless Kinect controller with the Spartan logo pasted over the Microsoft logo. The original device allows you to play on Xbox using hand movements. The controller offered to the police coped poorly with its functionality, even with the absence of tools for recognizing facial expressions. The situation might seem like an evil anecdote, if not for the broadcast about the miracle box on the Moscow 24 TV channel and subsequent claims from Microsoft. A lawsuit from Zack Snyder and Warner Bros. did not seem to follow.
“Two years ago, at the Infoforum conference, one team suggested putting microphones in front of the cameras in transport,” says journalist Soldatov. - The developers say: “Some drug addicts will run into the bus and start robbing someone. The driver will not be able to react - he has to look at the road. Microphones will help the driver hear what is happening and react. "In practice, expensive microphones are more likely to retransmit the noises of the interior of the seventeen-meter" Ikarus "to drivers who are not very motivated to feats. For a year now, officials have been planning to replace CCTV cameras generously hung in the Moscow metro with "smart" cameras with software for recognizing the faces of criminals and detecting fights and other obvious offenses. In 2015, the cost of the entire system was estimated at 3. 7 billion rubles. The current deadline is the 2018 World Cup.
An interviewee of GQ from the field of IT-entrepreneurship expressed doubts about the performance of these cameras. If there are only a couple of cameras on a 150-meter platform, then the blurry pixel captured by the lens may remain a blurry pixel, similar to millions of other foggy passenger spots. The current data on public procurement does not give a concrete idea of the total number of "smart" cameras at stations and the technical equipment of the system. Although systems for tracking queues at the checkout and forgotten bags in the metro are already being tested, and it seems to be successful.
According to Arthur, the future belongs to anti-terrorist drones that recognize faces and flocks circling over Moscow in search of unreliable citizens. Answering my question about ways to deceive his algorithm, Arthur does not hide his irony: “Simple: glasses on half of the face and a scarf on the floor. I also saw face sprays with paint emitting light in the infrared range in a couple of TV shows. Quite realistic. "Perhaps, instead of Arthur, art will prompt the correct answer. In 2013, artist Adam Harvey published his take on the paranoia-inspired fashion of the future. The project was named CV Dazzle. The program includes half-face bangs, bold unisex makeup and accents on asymmetry, which together effectively make the face invisible to algorithms. Now the artist is working on creating a new (and fashionable) type of urban camouflage. Cameras will unsuccessfully search for faces in camouflage patterns, making face search a rudiment. Perhaps someday it will really come into fashion. Perhaps even among the officials who will appear at meetings and plenary sessions in camouflage threesomes, with playful bangs and colorful makeup.
HOW TO FOLLOW
In Russia, the most famous way of spying on citizens is the System of Technical Means to ensure the functions of operational-search measures (or simply SORM). The principle of operation is simple - multiple copies of our Internet traffic and records of our telephone conversations for subsequent dissection by FSB agents. In theory, this system should be installed at their own expense by absolutely all operators and "organizers" of communication - starting with Rostelecom and ending with the caretaker of university Wi-Fi routers.It sounds impressive, but you shouldn't be afraid. According to journalist Andrei Soldatov, who wrote a book about SORM with a colleague, the system is too cumbersome to be effective. Security officials prefer pinpoint espionage, and urban legends about searching for threats using keywords remain modern folklore.
As for pinpoint wiretaps, special services can carry out them only with the permission of the court. In 2015 (this is still the most recent statistics), the courts issued 845,631 such permits. Better not to wonder if these statistics include you. You won't know anyway, because such orders, as a rule, never become public.
WHAT MESSENGERS DO THE OFFICIALS LOVE
The most convenient way to bypass government wiretapping and the main headache for voyeurs in uniform is with encrypted messengers like WhatsApp, Viber and Telegram. The officials themselves love them. Due to the constant feuds in the domestic power structures and the fear of surveillance by Western colleagues, some civil servants have mastered the art of secret correspondence quite well. Rituals, traditions and tales are enough for a small ethnographic reference book, and you have something to learn from them, remember.First of all, the choice of a messenger depends on where the official works. Most government agencies use Telegram. But there are also originals. According to an entrepreneur close to the FSB, there is a group in the Moscow intelligence department that prefers FaceTime to all other messengers. The choice is simple - the application for video calls is also encrypted, the face of the interlocutor is always in sight, and compromising video chats are not saved anywhere.
According to GQ's source in the State Duma, police chiefs allegedly prefer the Signal messenger, which lives on grants and donations. In the parliament itself, the situation is worse - the majority of deputies still prefer meetings in baths and offices to secret chats.
In the Administration of the President of the Russian Federation, information discipline is being monitored more actively. The list of internal requirements in one of the departments, among other things, includes written reporting on social networks (including anonymous accounts) and connections via VPN (Virtual Private Network). VPN technologies allow you to create encrypted connections on the Internet, including encrypted telephone lines. You just need to carefully choose a VPN server or even get your own: after the Yarovaya law, not everyone is suitable, they are now also actively trying to hang SORM on them.
"From the funny thing: microphones, which are usually used for hands-free communication, have been mechanically removed from office equipment," says an employee of the Kremlin apparatus. While you were sleeping, fridges, televisions and camcorders equipped with vulnerable software marched onto the market, making the Internet of Things a reality. In 2016, the first massive DDoS attacks were carried out using household appliances, and WikiLeaks leaks already feature technologies for turning Samsung smart TVs into expensive bugs. In the spring of 2016, Edward Snowden began opening the phone of journalist Shane Smith on the air of the Vice media holding on HBO. After removing the microphones and video cameras, the former NSA official called the device safe, so the technical exercises of Russian officials do not look so paranoid. Sophisticated caution goes hand in hand with traditional apathy. “To be honest, many civil servants are complete laymen. Nobody really organizes their security. In Roskomnadzor, in general, email addresses are on mail.ru - and all protection is reduced to veiled phrases, ”one of the interlocutors complains about his colleagues.
Oddly enough, people from the General Prosecutor's Office can be considered the most advanced in information security issues. Allegedly, prosecutors categorically do not accept documents from flash drives and do not discuss their secrets by e-mail and in popular instant messengers. Moreover, they are not shy about encrypting traffic through TOR - a reliable way to get away from SORM and data interception. “They are also addicted to various mobile anonymization devices. A recent example is a mobile phone with an ever-changing IMEI (international mobile equipment identifier. - Approx.), Which connects to any nearby antenna for transmitting cellular data and, using this network, allows you to make anonymous calls, ”says a source in the State Duma.
Unlike officials, ordinary Russians do not seem to have much longer to use the available phone encryption. Back in the fall of 2016, one of the SORM supplier companies, Con Certeza, was looking for contractors to hack encrypted messengers, but apparently it didn't work out. At the beginning of 2017, a set of new amendments to the law "On Communications" was issued from the pen of the Ministry of Internal Affairs and Roskomnadzor. The main goal is to bring instant messengers under control. According to the idea of the Ministry of Internal Affairs, companies that own messengers should provide security officials with software for identifying users. In case of disobedience, officials expect a repeat of the story with the blocking of LinkedIn in the Russian Google Play and App Store. The siloviki can be understood:
If desired, our special services are able to hack Telegram right now, albeit rudely. For example, by the method of interception by the MTS technical security department of SMS messages with authentication codes. They have a lot to learn from their Western colleagues. According to the latest batch of WikiLeaks documents, the CIA is able to read your secret chats using special viruses. However, they did not manage to break Telegram: the agents used the weaknesses of mobile operating systems, undetected by the developers, and not of individual applications.
HOW YOU'RE FOLLOWED IN DARKNET
It is still possible to calmly scroll the Internet in Russia. While VPN providers are almost in control, there is still a reliable bulbous TOR. In any case, until the Russian government decides to emulate the example of Ethiopia and Turkey, where TOR is blocked. In principle, the shadow sector of the Internet is still reliably protected from the attention of security officials, but getting caught is still not difficult. For example, if it's stupid enough to turn off the antivirus or not deactivate scripts in the browser. This is how the Australian cops en masse caught the lovers of child pornography from the site The Love Zone. The catch with TOR is this: providers know that you are entering it, but they do not know what you are doing in it.In the winter of 2013, Harvard sophomore Eldo Kim used TOR to send a letter to the campus administration, local police department, and the university newspaper from a temporary mailbox on Guerrilla Mail. The letter threatened two bombs placed on campus. There were no explosives at the university, of course, Kim was just trying to dodge the exam. Two days later, the student was caught without any cipher decoding. Having found a trace of the "onion" IP-address in the letter, the feds guessed to check the records on the university's Internet networks for access to the TOR nodes. The negligent student quickly confessed to what he had done. The capture of Kim is a typical example of a correlation attack, when operatives check the timing of an action in TOR and access to the darknet entrance nodes and look for matches.
“If necessary, you can find anyone. All TOR output nodes are listening. Imagine, they are interested in you and listen to your traffic, and you turned on TOR, torrents and from the TOR browser you go to your VKontakte, ”says a young civil servant working in the field of IT analytics. Last year, he talked about safe ways to buy drugs on the darknet while fueling a bong and blowing smoke into the room. Apparently, he strictly follows his own precepts: “There is a set of signs by which you can determine which sites on the external Internet you visited. And these features include, for example, the size of the browser window. If you stretched it and it became non-standard, it will immediately set you apart from millions of people. Accordingly, the more cheeky you behave - the more sites you visit during one session and the more actions you perform, - the more likely to get burnt. But for a simple drug addict, no one will be so worn out. ” These electronic prints are also collected in order to serve contextual advertising to the user. According to the interlocutor of GQ, in special cases, the leaked data from advertising aggregators can be used to de-anonymize darknet users.
WHY TOTAL SPEECH IS A FICTION
The reign of Orwellian technocracy in Russia is hindered by bureaucratic dreams of buying their own villa in Tuscany and banal technical illiteracy. As practice shows, the Russian police do not even have to look for a criminal. It is enough to jail the owner of the TOR exit node, whose IP address remained in the compromising post. This is what apparently happened to the Moscow mathematics teacher Dmitry Bogatov, who was arrested for calling for riots. Having looked through the list of IP-addresses of Vladivostok, Norway, the Netherlands and Japan, from which the user of sysadmins.ru, a certain Airat Bashirov, who was campaigning for the rally in Moscow, allegedly came in, the investigators found a single Moscow IP-address. This knot was held by Bogatov. According to media reports, while Bogatov is in prison, the user "Airat Bashirov"More fundamental attempts to establish surveillance of everything and everyone in Russia are failing because of everyday corruption. In February 2013, Integrated Security Technologies (KTB) signed a contract with the Ministry of Internal Affairs for the supply of the Spartan 300 complex for outdoor surveillance cameras installed in Moscow. According to the developers, the system used a neural network that can determine a person's intentions by his facial expressions and behavior. The declared functionality aroused suspicion among everyone, except for employees of the Ministry of Internal Affairs - in fact, the complex turned out to be a contactless Kinect controller with the Spartan logo pasted over the Microsoft logo. The original device allows you to play on Xbox using hand movements. The controller offered to the police coped poorly with its functionality, even with the absence of tools for recognizing facial expressions. The situation might seem like an evil anecdote, if not for the broadcast about the miracle box on the Moscow 24 TV channel and subsequent claims from Microsoft. A lawsuit from Zack Snyder and Warner Bros. did not seem to follow.
“Two years ago, at the Infoforum conference, one team suggested putting microphones in front of the cameras in transport,” says journalist Soldatov. - The developers say: “Some drug addicts will run into the bus and start robbing someone. The driver will not be able to react - he has to look at the road. Microphones will help the driver hear what is happening and react. "In practice, expensive microphones are more likely to retransmit the noises of the interior of the seventeen-meter" Ikarus "to drivers who are not very motivated to feats. For a year now, officials have been planning to replace CCTV cameras generously hung in the Moscow metro with "smart" cameras with software for recognizing the faces of criminals and detecting fights and other obvious offenses. In 2015, the cost of the entire system was estimated at 3. 7 billion rubles. The current deadline is the 2018 World Cup.
An interviewee of GQ from the field of IT-entrepreneurship expressed doubts about the performance of these cameras. If there are only a couple of cameras on a 150-meter platform, then the blurry pixel captured by the lens may remain a blurry pixel, similar to millions of other foggy passenger spots. The current data on public procurement does not give a concrete idea of the total number of "smart" cameras at stations and the technical equipment of the system. Although systems for tracking queues at the checkout and forgotten bags in the metro are already being tested, and it seems to be successful.
WHAT WAITS FOR US IN THE FUTURE
Instead of beeps, a record is played in the receiver: “I [raped you]. All together. Khachuyan, you don't decide ... ”I call Artur Khachuyan. He wears dreadlocks, mixes his own ringtones, and his company, Fubutech, supplies officials with facial recognition software. What distinguishes Khachuyan's company from competitors who are sawing money is at least the presence of commercial clients and a functioning website. Fubutech algorithms are storming the Internet every second in search of available photos from open sources. At the first request, a different algorithm puts control points on the found face and searches for matches in the collected database. In order, for example, to find terrorists in random pictures from hookah bars or to look for students in photographs from a rally on Tverskaya and deprive them of their scholarships.According to Arthur, the future belongs to anti-terrorist drones that recognize faces and flocks circling over Moscow in search of unreliable citizens. Answering my question about ways to deceive his algorithm, Arthur does not hide his irony: “Simple: glasses on half of the face and a scarf on the floor. I also saw face sprays with paint emitting light in the infrared range in a couple of TV shows. Quite realistic. "Perhaps, instead of Arthur, art will prompt the correct answer. In 2013, artist Adam Harvey published his take on the paranoia-inspired fashion of the future. The project was named CV Dazzle. The program includes half-face bangs, bold unisex makeup and accents on asymmetry, which together effectively make the face invisible to algorithms. Now the artist is working on creating a new (and fashionable) type of urban camouflage. Cameras will unsuccessfully search for faces in camouflage patterns, making face search a rudiment. Perhaps someday it will really come into fashion. Perhaps even among the officials who will appear at meetings and plenary sessions in camouflage threesomes, with playful bangs and colorful makeup.
