Russian State-Run Data Monitoring: Business or Research?

By Ava McKinneyOnline Safety

Scientific Research? No… Just the Business of Selling Information

By @iskatel007, August 9, 2019

Hello, friends! Let’s talk about something pressing… information 😉

From time to time, the media reports that there’s chaos—a thriving black market for information, with employees leaking data everywhere, and a general sense of lawlessness. But in reality, things are much more organized and straightforward: a government agency, without any secrecy and completely legally, presents itself and sells everything about us.

The publication “Meduza” discovered that the Scientific Research Computing Center under the Presidential Administration of Russia (GlavNIVC) is developing systems for monitoring and de-anonymizing internet users. Both government and commercial organizations have access to these systems.

GlavNIVC’s Monitoring Services

  • Media Monitoring tracks posts and reposts on social networks, linking them to specific users.
  • Sherlock contains detailed information about Russian citizens. Some of this data comes from illegal databases previously sold on the black market.
  • PSKOV (“Special Category Search System”) extracts data from the anonymous Tor network.
  • Poseidon monitors social networks to identify posts and comments with extremist content.

Access to some of these products is available commercially: “Media Monitoring” costs 6.5 million rubles per month, while “Sherlock” is 11.5 million rubles per month.

With “Media Monitoring,” you can see the IP addresses of social network users and, if desired, determine their physical location. If a user has a VPN enabled, the data will be inaccurate.

Through “Sherlock,” you can find extremely detailed information about a person if you know just their name and surname, city of residence, phone number, or email address. The dossier includes information from both open sources (like social networks) and closed ones (such as traffic police databases, leaks from various sites, etc.). The system provides full name, date of birth, car VIN number, passport details, tax ID, business registration numbers, phone identifiers, domains and companies registered by the person, and even criminal records.

“Sherlock” also includes another service—FaceRadar, similar to FindFace and FindClone, which allows you to search for a person in the database by their photo. “Sherlock” was modeled after the big data analysis system Palantir, used by U.S. intelligence agencies. It can build complex connections between people: who is in their social circle, what their friends do and are interested in, and what businesses their relatives own.

Use and Presentation of the Services

GlavNIVC employees openly present their products, claiming they can be used to check the reliability of clients and candidates for important positions. These services are used to screen employees of the presidential administration and the National Guard, and also help weed out unreliable volunteers at events involving Vladimir Putin. For example, if a volunteer has friends marked as “terrorist,” “anarchist,” or “libertarian,” they are not allowed to attend such meetings.

GlavNIVC has been working on these services since 2014, and began offering them to commercial companies in 2016. Former employees say business isn’t going well: there are few clients, development was expensive, and it’s hard to recoup the costs. Many staff have left and now work as programmers at major companies (Rostelecom, Mail.ru, and others). The Ministry of Internal Affairs declined to purchase “Sherlock,” considering it unreasonable to pay for databases that are already accessible.

Slides from GlavNIVC presentations claim the center has access to the closed API of Mail.ru Group services (which owns Mail.ru email and the social networks VKontakte and Odnoklassniki), as well as to the system for operational investigative activities (including SORM-3, which collects data from all types of electronic communications and stores traffic as required by the Yarovaya law). This may be a marketing ploy, since SORM-3 is currently not operational, and providing access to such systems could be considered a violation of state secrets.

GlavNIVC declined to comment to “Meduza” about this investigation, and the Ministry of Internal Affairs, FSB, Presidential Administration, and Mail.ru Group all stated that the information provided is not accurate. Roskomnadzor did not respond to the inquiry.

Prepared by: @iskatel007
Private Detective / Security Analyst / Information Security Specialist

Telegram: @iskatel007
Wickr Me: iskatel007
Eleet: AB802089
Threema: URT2S2X6

Telegram channel for business security information services (search, analytics, assistance in various life situations):
https://t.me/joinchat/AAAAAEpnFMcCaUf9czghzg

Leave a Reply