Circling the Lion's Den

The Russian state and surveillance technology

The Russian blogosphere has burgeoned into an open-door sanctuary for all strands of political opinion. Predictably, it has also attracted the attention of the country's security services. Irina Borogan and Andrei Soldatov present the first in a series of investigations outlining how the Russian state is now monitoring its online public.

About the authors
Andrei Soldatov is a Russian security services expert, and together with Irina Borogan, co-founder of the Agentura.Ru web site.
Irina Borogan is a Russian investigative journalist who covers the operations of Russian security services. She is the co-founder of Agentura.Ru.

On 28th April 2011, journalist Yuri Sinodov took a phone call from the FSB’s Centre for Information Security (CIS). Sinodov is the owner and editor-in-chief of Roem.ru, a website specialising in Web enterprises and social networks. The FSB man asked him to disclose information about a journalist who had written about an internal conflict within the odnoklassniki [‘Classmates’] social network.

Sinodov had already been approached for such information, back in 2007. At that time, he decided to ask the FSB for official confirmation. He soon received it, in the form of a request from the address ‘cybercrime@fsb.ru’, complete with FSB crest and signed by Sergey Maximov, head of one of the sections of the CIS. 

Sinodov then contacted the Directorate of Internal Security of the FSB, asking them to check whether this interest in his journalists was legal. The reply he received from the first deputy director of the operations division of the CIS, A. Lyutikov, established that the request was legitimate and was purely for reference. Sinodov did not stop there, however, and addressed the same question to the Prosecutor General’s Office. The response was completely unexpected: the procedure in question was a breach of the law ‘On Operational-Investigative Activity’, and the Directorate of the CIS had already been informed of the impermissibility of such law-breaking. Sinodov published his correspondence with the FSB and the Prosecutor General’s Office on his site with a clear conscience.

Sinodov believes that the interest shown by the FSB in his employee was probably a question of officers being used by private firms to investigate leaks of confidential information. ‘I think the company referred to in the post was trying to trace leaks of unofficial information about it – the FSB itself has no interest in this. It is not a question of any national significance; it’s the company’s problem.’ When he spoke to the authors of this article, Yuri Sinodov was not inclined to attach any more significance to the interest of the FSB Centre for Information Security in websites writing about social networking: ‘They aren’t interested in me.’

There are elements in this story, however, that lead one to doubt whether the FSB officers were acting as mere mercenaries here. The letter received by Sinodov was signed by the deputy director of the Operations Division of the CIS. The signature of such a high-ranking official excludes the possibility that the request was made to Sinodov on the initiative of a rank-and-file officer. Also, the Operations Division of the CIS is its most proactive department, involved not only in the technical protection of computer networks but also in active operational work on the Internet.

For example, within the FSB it is the CIS that decides what material should be removed from the Internet. Five years ago, in March 2006, Sergey Mikhailov, the signatory of the letter to Sinodov, sent the Internet Service Provider ‘Masterhost’ a letter, asking it to remove from caricatura.ru and pravda.ru the cartoons of the Prophet Mohammed which had brought protests from Muslims all over the world. As a result, pravda.ru’s home page was temporarily blocked, the story got out, and for a long time experts could not understand why the FSB hadn’t simply asked pravda.ru, as a legally registered media organisation, to remove the cartoons, rather than approaching its provider.

Based in a gloomy monumental building on the corner of Lubyanka Square and Myasnitsky Street, built in the 1980s as the KGB’s IT Centre, the CIS is the direct successor of the Directorate for Computer and Information Security of the FSB’s counterintelligence department, which was set up in 1998. Initially the Centre was responsible for protecting computer networks and tracking down hackers, but it is now responsible for not only the FSB’s IT network, including the provision of support for the Service’s own intranet, but has for some time been closely monitoring the Internet and the media.

To do this the CIS uses special analytical search systems developed by Russian programmers. On 2nd June 2010, for example, the Service invited tenders for contract No.147/I/1-133, worth up to 450,000 roubles [£9000], for the procurement of some software. The contract explained what the CIS had in mind – an information analysis system called ‘Semantic Archive’, produced by the company Analytic Business Solutions.

Systems such as ‘Semantic Archive’ are, in fact, what the Russian security services and Ministry of the Interior (MVD) use to monitor open sources (i.e. the media) and the Internet, including the blogosphere and social networks. The FSB and MVD started buying these systems extensively in the middle of the 2000s. In 2006, for example, during the run-up to the G8 summit in St. Petersburg, the Interior Ministry bought a ‘Random Information Collection System’ from the Russian software company Smartware, as a precaution, it claimed, against extremism. The company’s marketing director Dmitry Shchipakov then announced that a unit had been set up in St. Petersburg which would use the system to analyse the media and the Internet. Smartware has since dropped this type of programme from its product list, but similar systems are available from at least a dozen companies. They include SyTech’s ‘ARION’ information analysis system, ‘Xfiles’, produced by iTeco, Medialogia’s ‘Blog Monitoring System’ and the ‘Semantic Archive’ programme mentioned above, made by Analytic Business Solutions.

Analytic Business Solutions have an office occupying several rooms on the 1st floor of the Stalin-era brick building that houses the Sanitary Engineering Research Institute, in the Petrovsko-Razumovsky district of outer Moscow. The company’s brain and driver is Denis Shatrov, an energetic 35-year-old. Trained as a programmer, and with a PhD, he began to develop analysis systems in the middle of the 90s with his father, the director of a factory in Belgorod that produced automated steering systems for spacecraft.

‘Our first system was called ‘Erudit’,’ he told us. ‘Then we started producing simulation systems – electoral, economic. In 1999 we installed one of these in Ukrainian President Kuchma’s situation room. In 2001 we were bought up by another company, IBS, where we continued to make systems for situation rooms. Included in these systems were modules for media analysis, the analysis of the economic climate in a region, and the analysis of electoral activity. Then in 2004 Putin abolished regional elections and the bottom fell out of that market. IBS had to restructure, and my father and I took our development teams out with us. We then began to lead a parallel existence: he specialising in economic modelling, and me in media analysis.’

‘And when did your main product, ‘Semantic Archive’, appear?’

‘In 2004. From the beginning we aimed our systems at the security services. We thought that if we worked with them, then we would also attract business from our intelligence services and those of our competitors too.’

Denis told us that his company’s systems are to be found in Russia’s Security Council and Ministry of Defence, as well as the FSB and four Interior Ministry departments. The company has also supplied systems to Ukraine, Belarus (its Interior Ministry’s ‘K Directorate’) and Kazakhstan.

‘And presumably you also supply regional Interior Ministry departments? The people in St. Petersburg bought your Random Information Collection System before the G8 Summit, for instance.’

‘Yes, they bought that from us just before the Summit. They had a budget for it and they bought it.’

‘How many people do you have working for you?’

‘About twenty.’

‘And what about systems for monitoring blogging? Is that more of a priority for you now?’

‘Yes, it is. This year we developed a special module for forums and blogs.’ 

(As programmers explained to us, the security services’ strategy for using this type of programme is to upload a certain proportion of blogs, which the system then monitors using various markers.)

‘And how many people can use this type of module at one time?’

‘Well, a few dozen.’

It is probably a lack of computing capacity that prevents the more widespread use of these systems by the security services. And the size of the systems, which are usually designed to suit a single department of about 20-25 people, explains why the FSB and Interior Ministry buy dozens of different systems from different companies. There is, however, another reason for this.

Pavel Lvovich Pilyugin, a tall man in his fifties with a little professorial beard, met me outside the office of the Special Information Service, where he is deputy CEO. The Special Information Service, one of the leading firms in the data search and analysis market, was set up by KGB officers back in 1990, and Pilyugin himself was a member of the KGB’s information analysis directorate, where he worked with all the security services’ analysis systems.

He began our meeting by drawing some diagrams, charting the way search engines are built to browse both structured (databases) and unstructured (Internet and social networks) computer files.

Pilyugin is convinced that only people who have worked in the security services can create information analysis systems. ‘They at least understand what they are trying to do,’ he says with emotion in his voice. ‘Take, for example, Yuri Polyakov, who set up ‘Integrum’ (Polyakov, who died in 2001, was CEO of this company, the largest online media publisher in Russia – authors’ note): he was also a member of the KGB’s information analysis directorate.’

Although the case of ‘Semantic Archive’ does not confirm Pilyugin’s theory, there is some truth in what he says. About ten years ago the Federal Agency for Governmental Communication and Information (FAPSI), the government’s electronic intelligence agency, which was also responsible for monitoring the social and political situation in the Russian regions, was split between the FSB and the Federal Protection Service. Many IT specialists who had developed information analysis systems for the Agency left it at that point, to swell the ranks of employees of private firms like iTeco and SyTech. iTeco makes the Xfiles system, and SyTech is the proud producer of ARION (Automation of Work with Information of Operational Designation). Both of these companies work closely with the Russian security services.

The only problem is that the systems being bought at present by the security services on tender from private firms were developed for searching structured computer files, i.e. databases, and only afterwards adapted, some more successfully than others, for semantic analysis of the Internet. In addition, the systems being bought to control the Internet were designed to work with open sources, and are technically incapable of monitoring closed accounts such as Facebook.

However, it appears that the Russian security services have solved that problem.

Russia’s Internet has lived through several rows connected with the so-called System for Operative Investigative Activities, which enables the tapping and interception of Internet traffic. At the end of the 90s, ISPs complained that they were forced to buy equipment for this system with their own money, and in the 2000s activists demanded that the Ministry of Communications insist on the security services showing ISPs a court order sanctioning Internet traffic interception. This battle ended with the complete routing of the activists, and today the security services have the right not only to access the providers’ channels without a court order, but to do it remotely.

System for Operative Investigative Activities technology has also been of use in the monitoring of social networks. Unfortunately, we have had no response from Facebook or their Russian analogue Vkontakte [‘In Contact’] to our requests to comment on their relations with the security services. At the same time, employees of the services in question have been able to clarify the situation for us. ‘Why should we hassle the social networks when we can use the System for Operative Investigative Activities to take stuff off their servers behind their backs?’, a member of one department told us.

The licences issued to providers and hosting providers, including licences for ‘data transfer connection services’, require companies whose business is to rent out site space on their servers to give the security services access to these servers without informing site owners. Clause 10 states that ‘The licence-holder must fulfill the demands laid down by the Federal Agency with executive responsibility for communications in accord with the state organs charged with the exercise of operational investigative functions, in respect of the networks and means of communication for the execution of operational investigative activities, and also take steps to prevent the unauthorised disclosure of the organisational and tactical practices of the above-mentioned activities.’ (extracted from ‘Masterhost’ licence No.49783).

The experts, by the way, recommend ‘Semantic Archive’ as the best analysis programme for the System for Operative Investigative Activities. ‘It’s true, though, that we can only work with social networks whose servers are in Russia, and Facebook is a real problem for us,’ our security man admitted.

In fact that problem can also be solved by looking at other countries’ experience. On 1st October 2011 the festival of the Italian journal ‘Internazionale’ in Ferrara was addressed by the well-known Chinese journalist and blogger Jing Zhao (also known as Michael Anti), who is famous for the fact that in 2005 Microsoft deleted his blog. When Anti was asked to describe the situation in China, he summed it up in a few words.

‘Instead of Facebook we have XiaoNei, and instead of Twitter, Weibo. The usual policy in China for introducing Internet technology is to allow people to use a new product just until a Chinese equivalent is developed. So now Facebook is banned, and so is Twitter. And the servers for the Chinese versions are in Beijing.’

Published on OpenDemocracy