SORM 1, 2 y 3

Análisis de los diferentes sistemas SIGINT a escala mundial: ECHELON, FRENCHELON, SITEL, SORM
kilo009
Administrador
Mensajes: 7691
Registrado: 13 Nov 2006 22:29
Ubicación: Foro de Inteligencia
Contactar:

SORM 1, 2 y 3

Mensaje por kilo009 »

Son sistemas de espionaje de comunicaciones de origen ruso.

Imagen

SORM 1 monitoriza comunicaciones telefónicas, incluidas las móviles.
SORM-2 es responsable de interceptar el tráfico de Internet, incluyendo VoIP.
SORM-3 recoge información de todos los medios de comunicación, y ofrece almacenamiento a largo plazo (tres años), que proporciona acceso a todos los datos del usuario.

Más cosillas:

-Los datos llegan directamente al FSB, no hay como en España por ejemplo la participación de un juez por medio.
-Fue desarrollado por un instituto ligado al KGB a mediado de los 80
-El encargado de gestionar el SORM en sus inicios fue el FSB, aunque otras agencias policiales y de inteligencia tienen acceso a él a través de puntos establecidos por el FSB. En la actualidad otras agencias son responsables de su propio SORM

Información extra y técnica: https://www.privacyinternational.org/bl ... n-approach

Más cosillas:
Moscow Times, March 16, 1999

Beware FSB Surveillance Of Internet

EDITORIAL

In a master control room in the bowels of the Lubyanka, teams of FSB
agents spend their days intercepting private correspondences sent via the
Internet between friends, lovers, business partners, politicians. And there
is no one watching the watchers.

It's a disturbing idea. And as Jen Tracy reports in Business Extra on Page
15, it is well on its way to becoming a reality.

A new regulation known as SORM-2 is under review at the Justice Ministry,
awaiting minor tweaks before its eventual enactment. This regulation would
allow the Federal Security Service, or FSB, to conduct real-time monitoring
of every e-mail message, credit card transaction and web page sent or
received in Russia.

The SORM-2 arrangement would have this information piling up in FSB
computers. In theory, the FSB would need a warrant to look at any of it; in
practice, however, the FSB has already demanded such information from
Internet service providers without warrants, so there is no reason to
expect particular compliance with the constitution on that point.

The U.S. government already monitors international e-mail traffic through
the National Security Administration, and the NSA's legal authority to do
so seems equally dubious. But at least the NSA, unlike the FSB, has never
been accused of selling the information gathered for use as political
kompromat or using it to blackmail prominent businessmen. Nor, for that
matter, does the NSA trace its roots to that of a Soviet secret police
organ that tortured and killed.

The SORM-2 proposal also calls for Internet service providers themselves
to lay out the thousands of dollars it will likely cost to install the
surveillance hardware the FSB needs. Providers will pass on the cost of
this hardware to the consumers in the form of a 15 percent cost hike -
which means Internet users will pay more for the pleasure of being spied
upon.

That Internet service providers are a bit timid in leading the fight
against SORM-2 is not surprising - the FSB can just pull the licenses of
troublemakers and shut down their businesses. But SORM-2 ought to be
derailed, and providers should be encouraged to do more.

For starters, providers could indeed dump old stored e-mails from their
computers. These e-mails are stored as a byproduct of programs that track
each Internet user's web hits - but those programs could also be rewritten
to be more selective. Providers have no business storing old e-mails for
long periods of time - only so the FSB can come along and demand to read
them.

***************************

Who Reads Your E-mail?

By Jen Tracy

Imagine every one of your incoming and outgoing e-mails, every one
of your credit card purchases and every one of your electronic
banking transactions popping up in real time on a computer at the
Lubyanka, the former KGB headquarters that now houses Russia's
Federal Security Service. Imagine the FSB's computers collecting and
storing this information - for years, perhaps even decades - without
ever once bothering to obtain a warrant. That is the reality the FSB
is striving toward with a little-known legal project dubbed SORM-2.
The Russian security service is seeking what its American
counterparts have long enjoyed: complete access to the electronic
communications traffic of the nation's people and organizations.

SORM is the Russian acronym for Sistema Operativno-Rozysknykh
Meropriyatii, or System for Operational-Investigative Activities. A
1995 regulation called SORM -1 gave the security services the power
to monitor all telecommunications transmissions - provided they first
obtained a warrant.

That is the way things work now: The FSB and FAPSI, the Federal
Agency for Governmental Communication and Information, already
monitor e-mail transmissions. To do so, they must either tap into someone's
telephone - a time-consuming process that involves physically
splicing into select lines - or visit that someone's Internet service
provider. Either way, transmissions cannot be monitored in real time,
and the FSB needs a warrant before it can even get started.

In August, however, the FSB and the State Communications Agency,
Goskomsvyaz, drew up an addendum to the SORM regulations called
SORM-2. It would require all of Russia's Internet service providers -
there are about 350 across the nation - to install an FSB-provided
"black box" monitoring device in their main computers, and to build a
high-speed fiber-optic line from that device to the FSB. Because
SORM-2 is to be enacted as a regulation and not a law, it will be
reviewed by the Justice Ministry, but will not need the approval of
either parliament or President Boris Yeltsin.

These SORM-2 listening devices would route copies of all Internet
traffic to FSB computers - warrant or no. In theory, a warrant would
be needed to actually read any of the documentation piling up in the
FSB's hands. But in practice, human rights groups say, the FSB is
unlikely to worry about such legal niceties when the information it
wants is just a mouse-click away. In other words, human rights
activists are predicting a complete loss of Internet privacy for the
more than 1 million people in Russia who use the Internet - and for
tens of thousands more who use credit cards or other electronic
banking instruments here.

"This is a police-state practice. (The FSB) should not be alone
in its right to surveillance. Society should be able to audit the
agency in return. It's a step toward dictatorship," said Anatoly
Levenchuk, a Moscow-based Internet expert - and the man who first
revealed the existence of SORM-2, by posting a draft of the FSB
project on his own web site, www.libertarium.ru.

But the FSB is not the first to come up with the idea of tracking
all Internet traffic. The U.S. National Security Agency has been
doing it for years: Electronic surveillance information is collected
from across North America, Europe and Australia through an
international network called ECHELON, and routed to the NSA complex
in Fort Meade, Maryland.

The NSA has never confirmed that. But then, the NSA's own
existence was a secret - despite its staggering annual budget of $ 8
billion - until a 1982 book, "Puzzle Palace," told about it. Since
then the NSA has set up its own web page (www.nsa.gov:8080) - and
more and more information has come out in recent years about its
activities.

"Within Europe, all e-mail, telephone and fax communications are
routinely intercepted by the United States National Security Agency,"
according to a report commissioned by the European Parliament, and
presented to the parliament in January 1998.

"ECHELON indiscriminately intercepts large quantities of
communications and uses computers to identify and extract messages of
interest from the mass of unwanted ones," wrote New Zealand author
and researcher Nicky Hager in a 1996 book about the NSA, "Secret
Power." A key difference between the American and Russian security
services is that Russian spetssluzhby have a nasty habit of selling
information gathered electronically to the highest bidder, and the
information ends up serving political ends. As Noviye Izvestia noted
Friday, Internet users are already ironically referring to SORM as
Sistema Oblegcheniya Rassledovaniya Materialov, which could be
roughly translated as a System for Scandalously Unveiling
Investigative Materials. The newspaper Novaya Gazeta in January even
argued that this was the main point of SORM-2 - to let FSB agents
gather material for use in blackmailing business people and for other
dubious yet profitable activities.

The FSB can only dream of the $ 8 billion allocated to the NSA:
The entire 1999 Russian federal budget only foresees spending of
about $ 25 billion at current exchange rates.

In SORM-2, however, the FSB has come up with its own solution to
the expensive problem of setting up a Russian-style ECHELON system:
The FSB wants Internet service providers to pay for the installation
and maintenance of the SORM-2 black boxes and dedicated FSB hotlines.

Providers and Internet analysts say picking up the costs of
SORM-2 would set providers back thousands of dollars a month. That
extra cost would be passed on to Internet users in the form of
markups of 10 percent to 15 percent - which could be horrible for
business, as Internet access in Russia is already expensive, running
at least $ 30 or $ 40 a month for most people.

Dozens of the nation's smaller providers would not be able to
sustain the burden of paying for both their own costs and for SORM-2.

"The SORM-2 financial burden will be quite heavy for small
(providers)," said Michael Novikov, marketing manager for St.
Petersburg software developer Arcadia Inc., in an interview with The
Industry Standard computer magazine. "(Providers) will also likely
lose some corporate users because of fears over insecure data
exchange, perhaps through the possibility that the FSB would reveal
or sell corporate secrets." One way around SORM-2 is the use of
encryption programs. Legal experts disagree on whether private
individuals or companies in Russia can encode their e-mails and other
electronic correspondence, but Levenchuk, who has looked into it thoroughly,
insists it is legal.

And already people are turning to encryption. Maxim Otstanov, the
host of the Russian version of a U.S-based web site that offers the
commonly used encryption program Pretty Good Privacy, or PGP, says
that since the news of SORM-2 was first leaked by Levenchuk in the
summer, the number of hits to his web site have more than doubled.

You remember the KGB, don't you?" said Yury Vdovin, deputy
chairman of Citizens' Watch, a St. Petersburg-based human-rights
group. "They're used to collecting dossiers on citizens, just in
case. They collected, collect and will continue to collect
information on us. Now they're asking me to pay extra so they can tap
me at an even higher quality?" As Vdovin's comment suggests, there
seems to be a natural alliance between Internet providers and
human-rights activists against SORM-2. But appearances can be
deceptive: No such alliance has materialized, and the two groups are
often suspicious of each other.

Human-rights activists complain that providers are too
FSB-friendly as is - and allege that providers themselves are already
running their own mini-SORM -style operations, storing years worth of
their clients' old e-mails.

At a Citizens' Watch conference on privacy held last month in St.
Petersburg, Ivan Seckey of the Open Society Institute at the Central
European University in Budapest said that Russian Internet service
providers could be doing much more to fight the FSB.

"They should delete all transmissions immediately, so the FSB
can't force them to hand over information by threatening to revoke
their licenses," Seckey said. "They don't do this now because they
need the benevolence of the authorities, and also because they use
certain information for marketing purposes." Providers concede that
they store information about a client's Internet activity - that is
how they keep track of "hits" on certain web sites, and assemble
information about those hits by demographic factors, which is
important to advertisers and would-be advertisers on a certain web
site. And they concede that e-mails get stored along with that
information, because the programs that track Internet activity don't
differentiate between different kinds of activity - it all just gets
sent into the memory banks.

But beyond that, providers say the human-rights activists often
don't know what they're talking about. And they also say they are
afraid to stand up to the FSB and Goskomsvyaz because the state can
pull their licenses. Given that FSB power over their fate, it's not
surprising that many providers disdain the fiery talk of the human
rights and privacy rights activists, and instead try to speak carefully
of SORM-2 - as a narrow business dispute with the FSB
over who will pay for it.

"There is no conflict now (over SORM-2)," said Andrei Sibrant,
director of Moscow's Glasnet. "When the FSB comes to me with specific
documents detailing what technology I need to install and how much I
will have to pay for it, then there will be a massive conflict. Until
then there is no reason for human rights groups who know nothing
about the business to provoke a conflict." Andrei Sorokin, executive
director of St. Petersburg's Peterlink, offered a similar view. "I
will not, I repeat, will not buy this equipment for the FSB. This is
ridiculous. We'll have to pass along this cost to the customers.
We're in the middle of a crisis and they can barely afford the
Internet as it is," he said in a telephone interview. But if that
sounded combative, Sorokin's rhetoric is, like that of many other
providers, simply the opening bid: "When the time comes, we will band
together and fight. They can't close down an entire market. But until
then, there is nothing to fight." Levenchuk, the Internet analyst who
first spoke about SORM-2 on his web site, has long been trying to
organize opposition to it. It has been an uphill slog - in no small
part because Internet service providers themselves are rarely eager
to stand up to the FSB. "Usually providers are more FSB-friendly than
the public thinks," Levenchuk said.

The same complaint comes from Yevgeny Prygov of Krasnodar, who
was working with Levenchuk as the coordinator of an official
anti-SORM movement with its own web site, www.antisorm.df.ru.

"Well, the movement was a good idea but the movement has been
broken," Prygov said in an e-mail interview last week. "It lacks the
interest of (Internet service provider) executives." "The crisis in
Russia has redefined some of the priorities and the Anti-SORM
movement is one of the victims of this process," Prygov continued.
"People are thinking about how to stay alive and they forget the
value of freedom." In fact, about the only thing Prygov's anti-SORM
movement seems to have done was set up a web site, announce itself -
and disband.

"No steps were taken - only talks," Prygov admitted. "Everyone is
so afraid. I don't have a family but even I alone cannot go without
work for a month and expect to eat. We have to be careful to survive.
We have no reserves. The standard of living here is not to be
compared to that in Moscow or St. Petersburg." But even in Moscow,
the standard of living is no picnic for the unemployed. Membership in
the anti-SORM resistance movement has crumbled just as quickly here.

"They lasted all of five minutes," Levenchuk said. "The FSB
usually wins these things." The Internet service provider Data Force
was one of two Moscow companies that tentatively decided to oppose
SORM-2."After we had a discussion we decided to (join the) protest,"
said Sergei Domatov, Data Force's assistant director. "Afterward the
FSB contacted us, and we decided at this point there is nothing to
fight about. The FSB is doing their job, and we are doing ours." If
providers seem quick to fold, in part that's because they have long
ago learned the futility of arguing with the FSB. Even before SORM-2
the FSB has been known to request access to e-mails and other
information - with or without a court order.

Peterlink is one of many providers where company officials can
recount a visit from FSB agents who refused to present a warrant.

"We refused to give them information, but they're professional,"
said Sorokin of Peterlink. "They threaten to revoke our operating
license. We want to protect our clients' rights - but we also have to
protect our business. Everyone is afraid." "The FSB comes to
providers here and says simply, 'We want full access to all e-mail
traffic of your clients.' We ask for a warrant or court order, they
don't have one, but they have the power in every structure in the
province and (providers) surrender to stay alive," said Prygov of the
anti-SORM movement.

To date, only one provider has refused to conform to SORM-2
regulations. Since last April, Oleg Sirov of Volgograd-based
Bayard-Slavia Communications has repeatedly refused to cooperate with
FSB requests for information, demanding first to see a warrant. He
has also refused to foot the bill for the required technology.

But in telephone interviews from Volgograd, officials at
Bayard-Slavia Communications say they have recently been threatened
by the FSB with losing their license. They also say they have faced a
tax police audit that turned up nothing but was harrowing just the
same. Watching from Moscow, Levenchuk says of his friends at
Bayard-Slavia, "I am afraid that the official reason for withdrawing
their license will not be related to SORM-2." Boris Pustintsev,
chairman of St. Petersburg-based Citizens' Watch, said he was
pessimistic about the chances of an anti-SORM resistance movement
among providers.

"I'm sorry to say that they will probably only be successful in
going broke," he said.

But Pustintsev added that if more than half of all providers were
to unite, then with the backing of human rights groups they could
succeed.

"We will broadcast (news of the battle) throughout the world. The
FSB can't close them all down. That would be a scandal of
international proportion and Russia can't have that right now,"
Pustintsev said.

Citizens' Watch has set a self-imposed deadline of June to draft
proposals, to be read in the State Duma, the lower house of
parliament, on creating a system of checks and balances on SORM-2.

One such proposal described by Vdovin would involve giving a
"key" to the FSB computers receiving information from SORM-2 black
boxes and hotlines to an independent third party. That key would only
be loaned to the FSB when its agents can produce a court order; the
third party would also keep a log of all FSB SORM-2 eavesdropping
activity.

But human rights and privacy activists are quick to add that
SORM-2 raises fundamental questions about freedom that can't be
solved with a few laws and clever ideas.

"It's a problem of educating the people - starting from the
ground up," Levenchuk said. "It's no use fighting the FSB when no one
understands what the fight is for." Christopher Hamilton and Bradley
Cook contributed to this report. http://www.libertarium.ru/l_sormpr_mtimes
In the context of the FBI's CARNIVORE in the US and the British
R.I.P. Act and MI5, forum-members may find the following item of interest
(Sorry, for it being a few weeks late)

Glenmore Trenear-Harvey
London

------

FSB Runs Over Democracy In Race To Control Internet
By Jen Tracy St. Petersburg Times June 15th 2000

THE Internet is one of the most important tools of information and freedom in
Russia's halting democratic experiment - international contact at the touch
of a
finger. But it may soon cease to exist, at least as an instrument of
democracy.
What it will become instead, if the FSB has its way, is reminiscent of Soviet
times
- Big Brother made real.

Russia's current social structure is such that the Internet stands very
little chance
of survival. The FSB - the country's Federal Security Service - is trying to
turn it
into a personal spy network. Providers are likewise willing to compromise
their
integrity in return for financial gain. And citizens, far from defending
their constitutional right to privacy, are still passively sitting back,
afraid to confront the fears that have haunted them for over 80 years.

The FSB has masterminded and is now implementing a technical regulation,
SORM-2, which will give it comprehensive control over the Internet. It will
reroute, in real time, all electronic transmissions - originating in or
addressed to
Russia - to FSB headquarters, targeting not potential threats to national
security
but regular citizens. In so doing, the FSB will no longer need a warrant to
obtain
private information of any kind - an overt violation of both the Russian
Constitution and the Law on Investigative Activity, which has so far gone
unchallenged in court. The Soviet-era practice of stockpiling information on
private citizens is ready to resume in force.

With this technology - which the providers are expected to pay for and train
agents to use - the FSB will have access to e-mail passwords, classified
transmissions of private companies and financial information. Such control
over
the Internet will make anything possible for the agency: blackmail, easy
access to
industrial secrets and the ability to sell company-to-company information.
The FSB needs money to operate. Control of the Internet could, at the very
least, fund their future.

The FSB has already shut down two providers for their refusal to conform to
SORM, and is getting away with it. SORM's strength is in its shadowy status -
as
a "technical regulation," it is not a law, requiring neither a reading in
the Duma
nor a presidential signature. Why then do providers comply? Because the FSB
controls the licensing process for all Internet activities. No provider can
operate without FSB approval; any license can be revoked by the agency. Any
provider
who refuses to cooperate with SORM will see his business shut down within a
matter of weeks.

The only way to fight this encroaching threat is by taking the FSB to court on
constitutional grounds. But while service providers should be the primary
protector of the Russian Internet, many are siding with the FSB, and only one
so
far has been willing to risk his business. Nailj Murzahanov, general director
of
Bayard-Slavia in Volgograd, saw his firm summarily shut down three weeks ag
after he threatened to sue the FSB for forcibly requesting client passwords
and
other agency information without a warrant.

Officially, however, Bayard-Slavia's satellite channel was disconnected and
its
capital frozen not because of its refusal to comply with SORM but over a
so-called
licensing "error" - an easy out for the FSB, which is eager to avoid
subjecting its
regulation to the scrutiny of the court. In fact, most small providers could
find
themselves called to task on similar "errors."

Over 90 percent of Russian service providers are technically sub-providers,
leasing their frequencies from a larger provider and required by law to hold
two
operating licenses, one of which must be provided by the lessor.
Moscowteleport, the parent provider with whom Bayard-Slavia held its lease,
claims it "forgot" to
license Bayard-Slavia, hence the unfortunate "error." In actuality,
Moscowteleport
has been similarly forgetful when it came to its other sub-providers, none of
whom has been granted the second necessary license. Only Bayard-Slavia,
however - the one provider to challenge the FSB and SORM - got closed down.

This is where the parent providers have struck their deal with the
devil,sacrificing the integrity of the Internet in return for monopoly
control of the market. Because smaller providers cannot afford the technical
upgrades required by SORM, they will have their operations terminated for
failure to conform.

Larger providers like Moscowteleport - considered by many Internet experts to
be the pravaya ruka, or right hand, of the FSB - have no qualms about
cooperating, knowing they will receive the lion's share of the market as the
smaller providers are systematically squeezed out. The FSB has operated on a
principle of divide and conquer, and has had a smooth time on the field so
far. In
the battle for Russia's Internet, Bayard-Slavia and Moscowteleport represent
the
two camps: out of business, and FSB-friendly.

This leaves the role of Internet savior up to the country's citizens, and
Russia just
isn't ready for this. Russians have only gotten their feet wet on the shores
of
democracy. There are few people who even understand the rights granted them
by the Constitution; those who do understand are doubtful, with good reason,
that such rights will ever be upheld. They have lived for decades with a fear
that's hard to shed.

The specter of the KGB didn't die with the Soviet Union, and there is no
assurance
the FSB will ever conform to the democratic standards Russia has ostensibly
set for itself. And this is the tragedy: Until the people realize that social
dissent is as
significant a part of democracy as the Constitution, the hallmarks of the
Soviet
era will continue to outpace democratic progress.

The Internet is a momentous opportunity for Russia. But if the FSB gets
control of it, democracy and freedom have no chance.

Jen Tracy is a staff member of The St. Petersburg Times. She has written
extensively on the SORM-2 regulation. http://lists101.his.com/pipermail/intel ... 02383.html
Algunos datos más en Wikipedia: http://en.wikipedia.org/wiki/SORM

En algún lugar ya sitúan a Snowden trabajando para mejorar SORM :D http://inagist.com/all/364873315103424512/
Saber para Vencer

Twitter

Facebook
Responder

Volver a “Sistemas de Interceptación de Comunicaciones”