Some of Russia’s surveillance tech leaked data for more than a year
Government mandated hardware wiretaps installed on the networks of Russian Internet service providers (ISPs) have been leaking sensitive user information including GPS coordinates and device-identifying MAC addresses, a Russian security researcher discovered last year.
The wiretaps, called System for Operative Investigative Activities (SORM) devices, are designed to provide Russian authorities with access to various types of data processed by ISPs. However, the researcher discovered that 30 SORM devices connected to the environment of 20 ISPs exposed data via unprotected FTP servers containing data logs from law enforcement surveillance operations. The researcher has been coopering with the impacted ISPs to resolve the issue.