The hackers stole the data and shared it with another hacking group who was involved in the hacking of another FSB contractor.
On Saturday, 13 July 2019, a group of hackers going by the online handle of 0v1ru$ hacked and defaced the official website of SyTech, a high-profile contractor working for Russian intelligence agency FSB (Russia’s Federal Security Service).
The group left a deface page along with a “Yoba face” on SyTech’s website. The website breach reportedly allowed hackers to steal a massive trove of highly sensitive and confidential data belonging to FSB related project.
BBC Russia was the first one to report the breach according to which SyTech’s projects were mostly contracted with Military Unit 71330. Furthermore, the group shared the data with another hacking group called “Digital Revolution” who happened to be the same group of hackers who were behind the breach of another FSB contractor “Quantum” in 2018.
The treasure trove of stolen data was later sent to several media outlets however on July 18th, “Digital Revolution” used its Twitter account to post several screenshots of the data.
A look at leaked screenshot revealed that apparently, 0v1ru$ hackers managed to steal 7.5 terabytes of data from SyTech. Some of the stolen information revealed that SyTech, on behalf of FSB, has been allegedly working on several projects including one focusing on de-anonymization the privacy-focused Tor browser.
Although, BBC’s report claims that the leaked files did not contain any state secrets, some of the information has exposed dark projects ran by FSB for instance:
Nautilus targeted those Internet users in Russia who used anonymization tools for online privacy purposes especially Tor browser. The project itself aimed it looking for methods to deanonymize Tor browser.
Nautilus-S focused on the extraction of personal data of users from social media platforms such as MySpace, Facebook, LinkedIn.
Reward focused on possible ways to explore vulnerabilities and development of tools to penetrate peer-to-peer networks to spy on torrent users. The project was carried out in 2013-2014.
Tax-3 focused on deleting data of high-profile Russia government and civil figures from the Internet and keep it on an intranet that should not be linked to other IT-networks.
Hope focused on building Russia’s very own Internet. In February this year, Russia announced shutting down its Internet to test its cyber deterrence and how its own version of the Internet would function.
It is no surprise that Russia is looking into deanonymizing Tor browser. For the past several years, Russian authorities have been attempting to block Tor counter online anonymity and increase online surveillance.
On the other hand, the breach itself has not exposed anything sensitive but it did highlight the fact that contractors are always a weak point. Last year, APT15, a group of Chinese hackers targeted UK government contractor and successfully stole highly sensitive military technology secrets.
Furthermore, the data breach also reminds of Wikileaks’ Vault 7 leak exposing how the CIA and other American security agencies worked on malicious tools to spy on users and targeted not only foes but friends as well.