SyTech’s FSB Document Dump: Owning The Information Space and Disconnecting It


Since the dump of the FSB’s contractor data from SyTech, I have spent some time looking at the files that the hacker group 0v1ru$ and their import. The files mostly consist of program statements and agreements between SyTech (SiTech) and the FSB (Unit 71330) for varying programs all tailored to information operations and control. Included as well are documents for programs for other units within the Russian government concerning the legal units and an information operations/communications unit as well. Overall, the documents are from the early 2000 up until 2019 and are for the most part mildly interesting.

I say mildly interesting because there are not a lot of technical documents included here. Now, the 0v1ru$ collective claims they hacked about 7.5 tb of data but they weeded that out to only dump about 177mb of the data on MEGA, so there is that. The media made hay about this information in their special way so I thought it prudent to look through it as well. For the most part the best stuff is around the programs where the Russians are looking to sift the whole of the internet using AI and algo’s to look at data and contextualize it all visually as well as pull pertinent information from mass unstructured data.

These programs not only seek to pull data out of metadata, visual data, etc, but also there is a program within the programs to edit that data (metadata specifically) on the fly to use in an information warfare aspect. I found this little tidbit interesting and think that this plays well with what the Russians were up to during 2016 and now moving on to 2020. The other program that is of note is a Tor de-anonymization effort using router nodes and heuristics to uncloak anyone using those Tor routers. It is much the same attack as that posited and used in the past where you own the exit notes and watch the flows.

Another little tidbit was a part of the overall program that also delved into the field of media including mass media and video. This also touched on facial recognition software and operations that could be used internally to control/watch internal protests and such. I see this as something along what China has been doing and likely they took cues from the Chinese state on this one. Lastly, there was a program in there as well that centered on hacking using distributed networking such as bittorrent. There wasn’t much in the way of backup data on what the tech was going to be but it seemed oriented toward having harder to track hacking via these programs.

Overall, I am kinda meh on the whole deal. The media tried to make it a thing, but really it was half a thing. I personally would like all 7tb of the data dropped on bittorrent by the hackers and have messaged them about that… Nothing back.

Oh well….

Here are the program/code names on the folders and descriptions translated from Cyrillic.


Program Code Names and Their Operation:

ARION: Program for collection of data from many source types with the ability to categorize and sort July 26 2006

BUFFALO: Only file in this folder was a certificate

CUSTOMIZATION: Search customization’s to the overall product to search for and categorize/contextualize data from the whole internet to include geolocation and ability to sift by parameters set by client.

ENOT: Infrastructure needed for these applications and framework and its implementation

EVERY SHIT: Use cases that include everything from terorrism to internal unrest using pattern recognition including visual content using “deep learning” algorithms (Facial Recognition through GOSNIAAS

EXPERT-MPI: Creation of a set of software and hardware for legal support of the state system of legal information”

FORK: Code OKR-2 – “Tuning fork” Distributed Secure Computing System (Possibly Quantum Computing) Units 71330 and 43753 due in 2021

GAMBIT: Contract codes and prices in this folder

HOPE: “Study of the possibility of developing ATP, providing the accumulation, processing and visualization of technical information
on cross-border Internet traffic transfer routes ”

INFLUX: “Investigation of the possibility of creating a situational awareness center in a secure execution” Cipher NIR – “Infusion-2” due 2021 Study of existing and development of new methods for the distributed collection, processing, presentation and dissemination of information about objects of interest.

KNOCKOUT-S: Metadata engine/software for context searches for the whole of the internet. This will be used to contextualize threats (Including video/Visual mediums)

MENTOR: The purpose of research is to study the feasibility of developing an integrated automated system for collecting information by special methods and means.

MOSQUITO: “Investigation of the possibility of creating a software and hardware complex that implements the search and collection of information materials on the Internet, taking into account the anonymity and concealment of informational interest” (Cipher – “Mosquito”) Anonymous search collection to collect data without a trace

NAUTILUS-S: De-anonymization of TOR

Using clustering methods will allow you to go to a different level of analysis of the network traffic of the Tor network, including encrypted. Using signature and heuristic analysis of Tor sessions will provide tools for extracting Tor traffic from a stream.

2.Investigation of the possibility of creating a “trusted” output APC node to intercept traffic (using the Tor network as an example).
In addition to the problem solved in the mid-range research work, it is advisable to continue the study of creating trusted input and intermediate nodes in combination with methods such as active detection of TOR using trap hosts. The combination of methods will expand the possibilities for the study of constructed chains of Tor-nodes and the ability to intercept authentication data.
It is also advisable to develop methods for analyzing the parameters of Tor network nodes to assess their suitability for use as “trusted” ones.

ONSLAUGHT-2: Malware Research and Analysis Tool The purpose of the work is to create a software product based on the Open Source software suite that provides the ability to manage tasks from a single user interface by:

1) research and analysis of malware;
2) control and analysis of network traffic;
3) control the integrity of the code OS, OPO, STR.
Debian implementation environment (current version), LXDE desktop.

PEDANT: “Development of application software for a set of software and hardware tools of a dedicated segment of the legal information system of the State Legal Administration of the President of the Russian Federation”

REALITY: The purpose of research is to study existing and develop new methods and tools for the automated modification of attributes and metadata of information materials. (Military Unit 71330: Special Communications Services)

REWARD: “Investigation of the possibility of developing ATP penetration and covert use of peer-to-peer and hybrid network resources.”
code “Reward”. The aim of the work is to study the possibility of developing a complex of penetration and covert use of peer-to-peer and hybrid network resources.

Explore the features of the construction and implementation of peer-to-peer (decentralized) and hybrid (not using a tracker) networks (for example, networks like ED2K, BitTorrent, OpenFT, Jabber, etc.).
2.2.3. To develop a set of software and hardware penetration into existing (peer-to-peer and hybrid) networks.
2.2.4. To create an experimental model of a hardware-software complex (hereinafter referred to as EO PAK “Reward”) to study peer-to-peer and hybrid networks and to test it.

SATELLITE: SATELLITE Search API being created by SPUTNIK and SyTech